Snort mailing list archives

Re: Naming convention of Snort


From: Chris Green <cmg () sourcefire com>
Date: Wed, 13 Mar 2002 13:09:06 -0500

Jason Hammerschmidt <Jason.Hammerschmidt () maclaren com> writes:

> Why name Snort a NIDS when it's really a Host based IDS..

It is a NIDS.

Host Based IDS generally refers to monitoring Host based events such
as process activity or the like.  

> often being used as an attempted NIDS via Ethernet taps/port
> mirroring.

Yes, that's how one can use a NIDS.

> So I don't start a flame war, I'm assuming NIDS is an inline,

That's generally referred to as a Gateway or Active IDS.

> or inband IDS at the point of an interconnection from one network to
> another (like a router/firewall/single transparent bridge).  Also,
> this is strictly a curiosity question, I very much like Snort.
>
> In various articles/docs, Snort is often referred to as lightweight, is
> this only because it's non-commercial?

I believe this is a FAQ, but it comes from the fact that Snort used to
not do much protocol inspection.  As more and more features are added,
it's no longer as relevant a term other than in terms of CPU
usage :-)
-- 
Chris Green <cmg () sourcefire com>
Fame may be fleeting but obscurity is forever.

