Snort mailing list archives
Is there anyone use Spirent or BreakingPoint to test Snort?
From: "xnhp0320" <xnhp0320 () gmail com>
Date: Tue, 9 Mar 2010 10:50:20 +0800
I've tested the Snort using the Spirent ThreatEx and BreakingPoint. Snort version is 2.8.4.1. The newest VRT ruleset is used. All the preprocessors' configurations are left at their defaults. Spirent ThreatEx supports over 3000 types of attacks, Snort only detects 80 types of attacks. BreakingPoint supports over 3000 types of attack, Snort only detects no more than 40 types of attacks. Both of the two tests generate massive amouts of preprocessor alerts. Was I doing something wrong? Should I use the EmergingThreat ruleset? 2010-03-09 xnhp0320
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Is there anyone use Spirent or BreakingPoint to test Snort? xnhp0320 (Mar 08)
- Re: Is there anyone use Spirent or BreakingPoint to test Snort? Martin Roesch (Mar 08)
- Re: Is there anyone use Spirent or BreakingPoint to test Snort? Mark W. Jeanmougin (Mar 09)