Snort mailing list archives
Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 21 Sep 2010 19:12:35 -0400
OpenPacket.org has some.

On Fri, Sep 17, 2010 at 5:35 PM, Will Metcalf <william.metcalf () gmail com> wrote:

> Here are some more up-to-date data sets...
> http://sourceforge.net/apps/mediawiki/networkminer/index.php?title=Publicly_available_PCAP_files
>
> Additionally have a look at...
> http://ictf.cs.ucsb.edu/data.php
>
> Anybody else have any other good ones? I like pcaps... they make me happy.. ;-)
>
> Regards,
> Will
>
> On Fri, Sep 17, 2010 at 2:56 PM, Joel Ebrahimi <joel.ebrahimi () gmail com> wrote:
>
> > He is referring to the DARPA pcaps for IDS testing. You can get more info here:
> > http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/
> >
> > Basically you are using the -r flag to specify you are reading from a pcap file rather than an interface.
> >
> > // Joel
> >
> > On Fri, Sep 17, 2010 at 10:45 AM, Andres carrera <protoss_black88 () hotmail com> wrote:
> >
> > > > Date: Fri, 17 Sep 2010 16:50:09 +0200
> > > > From: Bernhard.Guillon () opensimpad org
> > > > To: protoss_black88 () hotmail com
> > > > CC: snort-devel () lists sourceforge net
> > > > Subject: Re: [Snort-devel] Fwd: Re: Fwd: Re: Snort Anomaly Detection
> > > >
> > > > On 17.09.2010 16:01, Andres Carrera Rivera wrote:
> > > >
> > > > > > > I put preprocessor phad: training_time 446400 in the snort.conf file, but when running snort, I got this
> > > > > > > ERROR: Unknown preprocessor: "phad"
> > > > > > > snort doesn't recognize PHAD? How can I solve this problem..
> > > > > >
> > > > > > Ah, I forgot to add plugbase.c to my patch. I just fixed it and uploaded the patch to the old location :)
> > > > >
> > > > > ok so it's the same file, in the same location, right? snort-2.8.6-spp_phad.diff, right? and patch it as always
> > > >
> > > > Just redo the steps including the download. With preprocessor phad: training_time 14400 and the DARPA set [1] (using -r switch) you will get some nice alerts :)
> > > >
> > > > Best regards
> > > > Bernhard Guillon
> > > >
> > > > [1] http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/1999/training/week1/monday/inside.tcpdump.gz
> > >
> > > Mmm, I haven't worked with the DARPA. How can I use it? Does it work with Snort too?
> > >
> > > thanks,
> > > Andres Carrera
------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
Current thread:
- Fwd: Re: Snort Anomaly Detection, (continued)
- Fwd: Re: Snort Anomaly Detection Andres Carrera Rivera (Sep 14)
- Re: Fwd: Re: Snort Anomaly Detection Bernhard Guillon (Sep 17)
- Re: Fwd: Re: Snort Anomaly Detection Andres Carrera Rivera (Sep 17)
- Re: Fwd: Re: Snort Anomaly Detection Bernhard Guillon (Sep 17)
- Re: Fwd: Re: Snort Anomaly Detection Andres Carrera Rivera (Sep 17)
- Re: Fwd: Re: Snort Anomaly Detection Bernhard Guillon (Sep 17)
- Fwd: Re: Snort Anomaly Detection Andres Carrera Rivera (Sep 14)
- Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Bernhard Guillon (Sep 17)
- Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Andres carrera (Sep 17)
- Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Joel Ebrahimi (Sep 17)
- Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Will Metcalf (Sep 17)
- Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Joel Esler (Sep 21)