IDS mailing list archives
Re: SNORT Testing
From: Stefano Zanero <zanero () elet polimi it>
Date: Sat, 25 Feb 2006 12:12:55 +0100
sshamay () netvision net il wrote:
We are doing some performance tests on “snort” .
Good luck !
The tests are focused on measuring the throughput rates of snort under different mixture of traffic (good traffic + a percentage of malicious traffic)
"I have no idea which is a good performance measure for an IDS, but I have an exact idea which ISN'T the right one: packets per second". I am citing from memory, so I might be wrong, but this is a famous quote by Marcus Ranum, which I wholeheartedly adhere to.
I need your help, how should be the test environment, which tools to use etc.
<shameless_plug> You can see some tinkering on the matter from my presentation at Black Hat Federal: http://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Zanero.pdf </shameless_plug> -- Cordiali saluti, Stefano Zanero Dottorando di Ricerca / Ph.D. Student Politecnico di Milano - Dip. Elettronica e Informazione E-mail: zanero () elet polimi it Web: www.elet.polimi.it/upload/zanero ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- SNORT Testing sshamay (Feb 24)
- Re: SNORT Testing Stefano Zanero (Feb 26)
- Re: SNORT Testing Byron Sonne (Feb 27)