The beginning of Snort
The Intrusion Detection Expert System (IDES), developed at SRI International in the late 1980s, was one of the first IDSs. By the 1990s, many innovative IDSs were in use, including Network Anomaly Detection and Intrusion Reporter (NADIR) and Network Security Monitor (NSM). Network Flight Recorder (NFR) was one of the early systems built on the libpcap packet capture library, and it provided stateful packet inspection, misuse detection, and protocol anomaly detection. NFR was, however, a commercial system and was not available to the public. The Lawrence Berkeley National Laboratory released Bro in 1998, a network IDS that also used libpcap; Bro specified policies and rules using a custom rule language.
In those days, around 1998, Martin Roesch created a program that, in his own words, filled an important ecological niche. He initially named it APE and then renamed it Snort. The author released Snort to the public under the General Public...