Project of the Month, December 2010
Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users, Snort has become the de facto standard for IPS.
Why and how did you get started?
Snort was originally written by Martin Roesch. It was originally written in November of 1997.
Who is the software’s intended audience?
Snort was originally written to be just a plain sniffer with different formatting than what tcpdump provided at the time; however, over the years, it has taken on the role of being an IDS/IPS. It is focused towards network security personnel and anyone interested in the network traffic that is crossing their network.
What are a couple of notable examples of how people are using your software?
Snort is used for the prevention and detection of malicious network traffic such as hack attempts, malicious software, and viruses.
What are the system requirements for your software, and what do people need to know about getting it set up and running?
Snort can run on almost anything. Any flavor of Unix and Windows alike. It’s even embedded into devices like firewalls and routers! Snort can take a lot of memory to perform its detection, so a fairly robust machine should be dedicated for its use. The hardware is largely dependent on the amount of network traffic that Snort is attempting to deal with.
What gave you an indication that your project was becoming successful?
Marty started getting questions about how to use the project from most of the major Government organizations (Snort is now used by all Government agencies in some form or another). Marty then decided to start Sourcefire, a commercial company.
What has been your biggest surprise?
The sheer amount, and places, that Snort is used.
What has been your biggest challenge?
Speed. Analyzing 500 Mb/s isn’t hard. The challenge comes when you are trying to analyze 10 Gb/s a second, in real time.
Why do you think your project has been so well received?
It’s easy to deploy and configure. It also has a strong ecosystem of tools and a great community that surrounds it. There are over 70 projects that deal in some way with Snort, and over 300,000 users.
What advice would you give to a project that’s just starting out?
Write a great product that solves a need better than anything else on the market.
Where do you see your project going?
Snort is currently under a re-write that will not only bring a massive amount of new features to the platform, but will also give it a multi-threaded analysis engine. This will provide even more tools to the IDS analyst to be able to better perform their job.
What’s on your project wish list?
Higher speeds (beyond 20 Gig a second), more anti-evasion code, and ease of use.
What are you most proud of?
The community has grown to over 300,000 users. This is a monumental install base for a security application.
How do you coordinate the project?
We have full-time programmers, Quality Assurance Testing, and full-time bug tracking.
How many hours a month do you and/or your team devote to the project?
We have a full-time paid staff dedicated to Snort development at Sourcefire.
What is your development environment like?
Snort compiles on almost anything (including Windows), so we maintain several different build environments. However, Snort is coded on Linux platforms.
How can others contribute?
We are always accepting patches, feature requests, and suggestions. We are also hiring at Sourcefire for development positions!
Over the past few months, we’ve highlighted some of our most venerable projects. This month’s Project of the Month is one of about 1,000 that began hosting on SourceForge.net in the site’s first year of existence, beginning in November 1999.
Project name: Snort
Date founded: November, 1997
Project page: https://sourceforge.net/projects/snort/
Occupation: Product Development Manager
Location: Columbia, MD
Why did you place the project on SourceForge.net?
Ease of use and free. Although we don’t use SourceForge.net to host the project files anymore, our mailing lists with thousands of subscribers are still there.
How has SourceForge.net helped your project succeed?
In the past it helped in multiple ways. Currently SourceForge provides the mailing lists for Snort. It’s a tremendous advantage.
What is the number one benefit of using SourceForge.net?
Ease of use, central location of all bugs, distribution, and lists.