Cisco to release flying pig – Snort 3.0
Sourcefire's been making bacon, now wants you to fry it
Cisco's going to release a flying pig.
The porcine in question is Snort 3.0, a new version of Sourcefire's well-regarded intrusion protection system. Snort's mascot is a pig and Sourcefire has, over the years, had a lot of fun with toy pigs and calendars picturing its pig in provocative poses.
That silliness is, happily, continuing now that Cisco owns the company. So is Snort's status as an open source project, Snort remains open source. That approach won't stop Cisco using the tool as “the foundation of Cisco’s Next-Generation IPS”, so Snort 3 will eventually become Borgware. Serious work is also going on, as it's been revealed that Snort 3.0 is now in Alpha after having been completely re-written in order “to push the envelope of detection farther and faster.”
So fast it can fly? Who knows. Supposing it might get into the air gave us a fun headline and lede, so we'll take it. Sourcefire hopes you'll take the new code out for a spin, too, exhorting testers to do their worst in the hopes of learning what needs to be done to improve the Alpha.
The new version is said to be the result of ideas Sourcefire founder Marty Roesch had back in about 2005, but which proved tricky to implement without a complete Snort re-write. The resulting code is yours to peruse on GitHub and is said to “make it as easy as possible for people to learn and run Snort – that means no more configuring memory, ports, arguments, etc”.
Snort 3 is also said to offer simplified rules and rule-making processes and generally to have made been made more pleasant to use and more robust.
Don't expect a complete version for a while: the Sourcefire and Cisco crews suggest several months of bacon alpha and beta releases will be needed before Snort reaches a final version 3.0. ®