Firewall – is there any real Difference between snort and suricata

Several years ago I reviewed several intrusion prevention systems .

I wanted to deploy something between a couple of locations and the corporate network.
The system was to provide an easy to manage and monitor (something that could be handed off to a second tier help desk person). Automated alarming and reporting were also needed.

The system that I ended up choosing was the IPS from Tipping Point. We still like it after being in place for several years. Our implementation includes the subscription to their Digital Vaccine, which pushes out vulnerability and exploit rules weekly.

The system has been very useful to watch what is going on (alert but take no action) as well as automatically block or quarantine systems.

This ended up being a very useful tool for locating and isolating malware infected computers as well as blocking bandwidth hogging or security policy related traffic without having to work with router access control lists.

http://www.tippingpoint.com/products_ips.html

A UNIX socket, AKA Unix Domain Socket, is an inter-process communication mechanism that allows bidirectional data exchange between processes running on the same machine.

IP sockets (especially TCP/IP sockets) are a mechanism allowing communication between processes over the network. In some cases, you can use TCP/IP sockets to talk with processes running on the same computer (by using the loopback interface).

UNIX domain sockets know that they’re executing on the same system, so they can avoid some checks and operations (like routing); which makes them faster and lighter than IP sockets. So if you plan to communicate with processes on the same host, this is a better option than IP sockets.

Edit: As per Nils Toedtmann's comment: UNIX domain sockets are subject to file system permissions, while TCP sockets can be controlled only on the packet filter level.