IDS mailing list archives

Re: Karalon test report on Snort

From: Stefano Zanero <zanero () elet polimi it>
Date: Sat, 01 Sep 2007 14:30:17 +0200

Surya Batchu wrote:

Hi,

Karalon Traffic IQ Pro can be used to test attack/exploit detection
capabilities of IDS/IPS systems.  I am interested in knowing SNORT
IDS detection capabilities and its coverage when Traffic IQ Pro
system is used.


Since Snort is (substantially) a misuse-based system, a detection rate
figure will tell you nothing (or close-to-nothing) useful about it.

Detection Rate and False Positive Rate are a good way to score anomaly
detectors, but are not useful to score misuse detectors.

Stefano

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------

Current thread:

Re: Karalon test report on Snort Vijay K (Sep 04)
- <Possible follow-ups>
- Re: Karalon test report on Snort Stefano Zanero (Sep 04)
- Re: Karalon test report on Snort Abhishek Bhuyan (Sep 05)
- Re: Re: Karalon test report on Snort jason (Sep 06)