Snort mailing list archives

Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection


From: Joel Esler <jesler () sourcefire com>
Date: Tue, 21 Sep 2010 19:12:35 -0400

OpenPacket.org has some.

On Fri, Sep 17, 2010 at 5:35 PM, Will Metcalf <william.metcalf () gmail com> wrote:

Here are some more up-to-date data sets...


http://sourceforge.net/apps/mediawiki/networkminer/index.php?title=Publicly_available_PCAP_files

Additionally have a look at...

http://ictf.cs.ucsb.edu/data.php

Anybody else have any other good ones? I like pcaps... they make me
happy... ;-)

Regards,

Will


On Fri, Sep 17, 2010 at 2:56 PM, Joel Ebrahimi <joel.ebrahimi () gmail com> wrote:
He is referring to the DARPA pcaps for IDS testing. You can get more info
here:

   http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/

Basically you are using the -r flag to specify you are reading from a
pcap file rather than an interface.

// Joel

On Fri, Sep 17, 2010 at 10:45 AM, Andres carrera <protoss_black88 () hotmail com> wrote:


Date: Fri, 17 Sep 2010 16:50:09 +0200
From: Bernhard.Guillon () opensimpad org
To: protoss_black88 () hotmail com
CC: snort-devel () lists sourceforge net
Subject: Re: [Snort-devel] Fwd: Re: Fwd: Re: Snort Anomaly Detection

On 17.09.2010 16:01, Andres Carrera Rivera wrote:
I put

preprocessor phad: training_time 446400

in the snort.conf file, but when running snort, I got this ERROR:
Unknown preprocessor: "phad"

Snort doesn't recognize PHAD?
How can I solve this problem?



Ah, I forgot to add plugbase.c to my patch. I just fixed it and uploaded
the patch to the old location :)

OK, so it's the same file, in the same location, right?

snort-2.8.6-spp_phad.diff, right?
And patch it as always?


Just redo the steps including the download.

with

preprocessor phad: training_time 14400

and the DARPA set [1] (using the -r switch) you will get some nice alerts :)

Best regards
Bernhard Guillon

[1] http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/1999/training/week1/monday/inside.tcpdump.gz


Mmm, I haven't worked with the DARPA set. How can I use it? Does it work with Snort too?

Thanks, Andres Carrera



------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

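As an added example that is not part of the thread (and not Snort's own code), here is a small POSIX shell script covering what the replies describe: check that the downloaded DARPA file really is a libpcap capture, decompress it if it is still gzipped, and run Snort against it with -r instead of sniffing an interface. The config path /etc/snort/snort.conf and the log directory /tmp/snort-replay are assumed placeholders, not values from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a capture before replaying it
# through Snort with -r, and build the exact command line used for the replay.
# Assumptions (not stated in the thread): snort.conf lives at /etc/snort/snort.conf
# and alerts/logs go to /tmp/snort-replay; both can be overridden as arguments.

# Classify a capture file by its first four bytes, so a still-gzipped download
# (such as inside.tcpdump.gz) or a pcapng file is not handed to -r by mistake.
pcap_kind() {
    magic=$(od -An -N4 -tx1 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        1f8b*)             echo gzip ;;       # gzip member header
        d4c3b2a1|a1b2c3d4) echo pcap ;;       # libpcap, microsecond timestamps
        4d3cb2a1|a1b23c4d) echo pcap-ns ;;    # libpcap, nanosecond timestamps
        0a0d0d0a)          echo pcapng ;;     # pcapng section header block
        *)                 echo unknown ;;
    esac
}

# Decompress a .gz capture next to itself and print the path of the plain file.
# A file that is already a libpcap capture is printed unchanged; anything else fails.
prepare_capture() {
    f=$1
    case "$(pcap_kind "$f")" in
        gzip)
            out=${f%.gz}
            [ "$out" = "$f" ] && out="$f.pcap"
            gzip -dc "$f" > "$out" || return 1
            echo "$out" ;;
        pcap|pcap-ns)
            echo "$f" ;;
        *)
            echo "not a libpcap file: $f" >&2
            return 1 ;;
    esac
}

# The replay command: -r reads packets from the file instead of an interface,
# -c loads the config (including any preprocessor lines such as phad),
# -l sets the log directory and -A console prints alerts to the terminal.
snort_replay_cmd() {
    pcap=$1
    conf=${2:-/etc/snort/snort.conf}
    logdir=${3:-/tmp/snort-replay}
    printf 'snort -c %s -r %s -l %s -A console\n' "$conf" "$pcap" "$logdir"
}

# Driver: validate, decompress if needed, create the log directory, then replay.
# Usage: replay_capture inside.tcpdump.gz [snort.conf] [logdir]
replay_capture() {
    pcap=$(prepare_capture "$1") || return 1
    conf=${2:-/etc/snort/snort.conf}
    logdir=${3:-/tmp/snort-replay}
    mkdir -p "$logdir"
    snort -c "$conf" -r "$pcap" -l "$logdir" -A console
}
```

The -c, -r, -l and -A switches are standard Snort command-line options. The preprocessor line from the thread belongs in the snort.conf passed with -c, which is why the PHAD patch has to be applied and Snort rebuilt before the replay produces its alerts; running `snort -T -c snort.conf` (Snort's config test mode) first surfaces an "Unknown preprocessor" error without replaying any traffic.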