Ugh, I like Snort, that's a reason that they should respect to keep Snort free
lol.... j/k
Snort has been missing commercial support until Marty Roesch started *fire <sorry, can't remember the exact name> yet Snort is considered limited compared to other IDSs.
One facility it has missed was the ability to
1) interact with attacks <lately changed with the --enable-flex-resp>
2) ability to drop an attack <like hogwash does>
3) ability to ask the fw to block an attacker permanently <aka. SAMP for those familiar with CP>
Another really bad thing that I hate Snort for <hey, I don't hate as in I-wont-use-it, I mean it's a lack> is its ignorance <similar to those FW vendors> that don't provide a programming language for it. NFR provides N-Code which is similar to the concept of INSPECT for CP. N-Code allows me to do whatever I want with my IDS making sure that it would produce the lowest number of false-positives and negatives.
With that said, I consider Snort a perfect product
Note: I like this post, I think I will write a Snort resource for CP that uses SAMP to block intruders. Anyone interested?
etsh911




