Re: snort

From: Hairy One Kenobi (abuse_at_[
Date: 01/08/04

Date: Thu, 8 Jan 2004 00:58:28 -0000

"Dan" <> wrote in message
> Is it worth paying $10,000 for source fire to make using SNORT easier?
> Does using source fire with SNORT make SNORT a middle weight IDS solution
> opposed to a lightweight?
> _Or_ is it worth the time and energy to write your own scripts and

IMHO. Let's say that again: "IMHO"

Any IDS tool (or something that acts as an IDS tool) is only useful if
someone can act on the results.

Not sure where $10k came from..? It's an interesting interface to LibPCap,
isn't it? Just like Ethereal? Are you looking at buying-in a monitoring
service, or deploying something yourself? Did I miss something about
Commercial licensing?

Please point out where the shoe's going to drop.. ;o)