Snort 3 a complete rewrite, aims high

Larry Seltzer

Updated December 14, 2014 at 11:42 PM

In a league with Linux, Apache, PHP and other foundational free and open source software, Snort has become (to quote them about themselves) "...the standard in intrusion detection ... [and] ... the standard in which network researchers communicate to each other to detect bad traffic."

Read this

10 top security threats of 2014 (so far)

Snort was originally created by Martin Roesch, who went on to found Sourcefire, which builds network security appliances based on Snort, and is now its CTO. Sourcefire was acquired by Cisco in July 2013.

On Thursday Snort.org announced Snort 3.0 and released an alpha version of it. (The current version of Snort is 2.9.7.0.)

The announcement says that Snort 3.0 is the realization of a project called "SnortSP" (the Snort Security Platform) begun by Roesch in 2005. It was a reachitecturing of Snort to make it easier to use and more powerful. This required a complete rewrite, a project known internally as "Snort++". Many of these features have made their way into the current generation of Snort, such as reloading without restarting, OpenAppId, gzip decompression and IP blacklisting.

Snort 3 has a multithreaded/multi-core engine which maintains a single persistent configuration. Today even inexpensive, low power processors have multiple cores, so this change extend the reach of Snort and make it more powerful on cheaper hardware. (I have always thought it should be somehow integrated into common consumer Internet routers, but the interface isn't quite that friendly yet.)

Key components in Snort 3 are pluggable. This means that they can be more easily replaced by third parties. The system now autodetects services, so no more configuring memory, ports, arguments, etc. It auto-generates reference documentation. It verifies its configuration on startup. The command line shell is secured to localhost and adds new capabilities.The rule language is simpler and includes auto-detection of all protocols.

Work on Snort 3 began a long, long time ago. In fact, in April 2009, long before this alpha version was released, a beta was released, as described by Roesch on his long-dormant Security Sauce blog. Read the entries from that time and you can see some of the problems that must have led to the long hiatus in the project and the decision to resort to a complete rewrite.

Particularly because it is such a basic rewrite, Snort 3 requires relentless, brutal testing, to which all are invited. The alpha version just released is definitely not for production use. The source code for the project is hosted publicly on Github. Further developer discussion is on the Snort Developers mailing list.

Engadget
Pornhub to leave five more states over age-verification laws
Pornhub will block access to its site in five more states in the coming weeks.
Yahoo Sports
NFL offseason power rankings: No. 30 Denver Broncos are a mess Sean Payton signed up for
The Broncos are still reeling from the Russell Wilson trade.
Yahoo Sports
NFL teams in the worst shape for 2024 | The Exempt List
On today's episode, Charles McDonald is joined by Frank Schwab to predict how the worst six teams in the NFL will fare in 2024.
Yahoo Sports
Tiger Woods' son Charlie wins USGA qualifier to play in U.S. Junior Amateur championship
Charlie, 15, is the same age his father was when Tiger won the first of this three straight U.S. Junior Amateur championships in 1991.
Yahoo Sports
Ravens reveal their one-game-only 'Purple Rising' helmet, which should be worn full time
These helmets are too cool to keep locked up for 51 weeks a year.
Autoblog
Dealer says he sold LeBron James a Bugatti. LeBron replies: 'LIARS!'
A California high-end car dealership “congratulated” NBA legend LeBron James for all to see on Instagram about his "purchase." LeBron James begs to differ.
Yahoo Sports
Urban Meyer just served Ryan Day and Ohio State a big helping of rat poison
National title or bust is a brutal standard, but that will be the expectation this season at Ohio State.
Autoblog
The 10 cheapest vehicles to own and operate over 5 years
MarketWatch's latest study calculated the depreciation and running costs of new vehicles, finding that some more than doubled the expenses of others.
Yahoo Personal Finance
How much money should you keep in your checking account?
Every bank customer likely wonders: “How much money should I keep in my checking account?” And the answer might surprise you. Here’s how much you should really keep in a checking account.
Autoblog
2025 BMW X3 debuts bold new design, even bolder interior for next generation
BMW’s bread-and-butter model, the next-gen 2025 BMW X3, is officially out.
Yahoo Sports
Los Angeles Sparks rookie Cameron Brink has torn ACL
Brink injured her knee Tuesday night.
Yahoo Sports
Astros place Justin Verlander on IL in another blow to injured rotation
Verlander will lose a $35 million player option and become a free agent this offseason if he falls short of an innings threshold.
Yahoo Sports
Top Yankees prospect Jasson Domínguez returns to IL due to oblique injury weeks after return from Tommy John surgery
Domínguez made a splash in his 2023 MLB debut, with four home runs in eight games before being sidelined due to a UCL tear.
Yahoo Sports
Men's College World Series 2024 Day 2: Kentucky delivers another walk-off, Texas A&M wins after midnight
Day 2 of the 2024 College World Series ended at 1:13 a.m. local time.
Yahoo Sports
Lashinda Demus will get her Olympic gold medal ... 12 years later
Demus will receive her gold medal at a ceremony at the foot of the Eiffel Tower during the 2024 Summer Olympics.
Yahoo Sports
Belmont Stakes: Jayson Werth says his horse's win feels as good as World Series title
Werth bought a 10% stake in Dornoch in 2022.
Yahoo Sports
Best RBs for 2024 fantasy football, according to our experts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Yahoo Sports
Ranking all MLB City Connect jerseys, from the Dodgers at No. 28 to the Marlins at No. 1
With every participating team having released their set, let's rank and grade them all.
Yahoo Finance
AI enthusiasm prompts 3 Wall Street banks to raise stock market forecasts
AI-driven earnings growth has strategists feeling even more bullish about stock returns this year.
Yahoo Sports
Best fantasy football quarterbacks for 2024, according to our experts
The Yahoo Fantasy football analysts reveal their first quarterback rankings for the 2024 NFL season.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Snort 3 a complete rewrite, aims high

Read this

Recommended Stories

Pornhub to leave five more states over age-verification laws

NFL offseason power rankings: No. 30 Denver Broncos are a mess Sean Payton signed up for

NFL teams in the worst shape for 2024 | The Exempt List

Tiger Woods' son Charlie wins USGA qualifier to play in U.S. Junior Amateur championship

Ravens reveal their one-game-only 'Purple Rising' helmet, which should be worn full time

Dealer says he sold LeBron James a Bugatti. LeBron replies: 'LIARS!'

Urban Meyer just served Ryan Day and Ohio State a big helping of rat poison

The 10 cheapest vehicles to own and operate over 5 years

How much money should you keep in your checking account?

2025 BMW X3 debuts bold new design, even bolder interior for next generation

Los Angeles Sparks rookie Cameron Brink has torn ACL

Astros place Justin Verlander on IL in another blow to injured rotation

Top Yankees prospect Jasson Domínguez returns to IL due to oblique injury weeks after return from Tommy John surgery

Men's College World Series 2024 Day 2: Kentucky delivers another walk-off, Texas A&M wins after midnight

Lashinda Demus will get her Olympic gold medal ... 12 years later

Belmont Stakes: Jayson Werth says his horse's win feels as good as World Series title

Best RBs for 2024 fantasy football, according to our experts

Ranking all MLB City Connect jerseys, from the Dodgers at No. 28 to the Marlins at No. 1

AI enthusiasm prompts 3 Wall Street banks to raise stock market forecasts

Best fantasy football quarterbacks for 2024, according to our experts