IDS mailing list archives
Re: Karalon test report on Snort
From: Stefano Zanero <zanero () elet polimi it>
Date: Sat, 01 Sep 2007 14:30:17 +0200
Surya Batchu wrote:
Hi, Karalon Traffic IQ Pro can be used to test attack/exploit detection capabilities of IDS/IPS systems. I am interested in knowing SNORT IDS detection capabilities and its coverage when Traffic IQ Pro system is used.
Since Snort is (substantially) a misuse-based system, a detection rate figure will tell you nothing (or close-to-nothing) useful about it. Detection Rate and False Positive Rate are a good way to score anomaly detectors, but are not useful to score misuse detectors. Stefano ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- Re: Karalon test report on Snort Vijay K (Sep 04)
- <Possible follow-ups>
- Re: Karalon test report on Snort Stefano Zanero (Sep 04)
- Re: Karalon test report on Snort Abhishek Bhuyan (Sep 05)
- Re: Re: Karalon test report on Snort jason (Sep 06)