A group that earlier this year offered for sale the source code of a popular intrusion detection system now is selling what it says is a copy of the source code for a recent version of Cisco Systems Inc.'s PIX firewall.

A member of the Source Code Club, which first surfaced in July, posted a message to a Usenet newsgroup last week saying that the group is now selling the code for the PIX 6.3.1 firewall firmware for $24,000. Cisco, based in San Jose, Calif., released a newer version of the firmware this summer.

In the posting advertising the code for sale, the group claims that buyers will get all the files necessary to compile their own images of the firmware, which then can be loaded onto PIX firewalls. The posting says the full code file is 37.5MB and can be purchased either in whole or in 20 separate chunks for $1,200 each.

"With the ubiquity of [PIX] devices these days, we see a huge market for such code," the posting says. "Many intelligence agencies/government organizations will want to know if those 1's and 0's in the [PIX] image really are doing what was advertised. You must ask yourself how well you trust the [PIX] images you download to your appliance from Cisco.com."

A Cisco spokesperson said the company is aware of the situation and is investigating it.

In July, the Source Code Club first announced its presence in a message to the Full Disclosure security mailing list in which it offered for sale the source code to an older version of Enterasys Networks Inc.'s Dragon Intrusion Defense System software. The asking price then was $16,000, and Enterasys officials confirmed that the files listed on the group's Web site did appear to correspond to file names in the Dragon 6.1 software. In its most recent posting, the club says the price for Dragon code is now $19,200.

In an interview in July, a member of the Source Code Club going by the name of Larry Hobbles said the group had obtained the Dragon code as well as the Napster client and server source code through remote penetrations of the respective companies' networks.

"We know what we are doing," Hobbles said at the time. "Our motivation for selling the property is money and to put our skills to use. We do not only offer source code; there are many hacking services that we provide. We do not wish to continue offering source code publicly, but it is something that must be done initially."