Snort mailing list archives
Re: Snort against DARPA 1999 Dataset
From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 06 Nov 2012 23:35:59 -0500
On 11/6/2012 22:22, Zahra Hakimi wrote:
> I don't know why snort should generate 99% alerts that less than 1% of them have source or destination IP address same as my configured HOME_NET (172.16.112.50). Am I right?
this depends on the rules you are running and what they are looking for... it is very easy to make snort detect all traffic or no traffic... would those then be true positives or false negatives? ;) the rules and what they look for are extremely important... especially if you consider that one might have HOME_NET and EXTERNAL_NET defined "backwards" which could very well give the opposite results from what they think they should be seeing...
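An added example, not part of the original message: one way to measure how many alerts actually touch the configured HOME_NET, and in which direction, so a reversed or too-narrow HOME_NET/EXTERNAL_NET definition shows up in the numbers. It assumes Snort's `alert_fast` output format; the function names, messages, SIDs and all addresses other than 172.16.112.50 are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Tail of an alert_fast line: "{PROTO} src[:port] -> dst[:port]"
# (ICMP alerts carry no ports, so the port part is optional).
ADDR_RE = re.compile(
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?"
    r"\s+->\s+(?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s*$"
)

def classify(line, home_net):
    """Label one alert by how its endpoints relate to HOME_NET."""
    m = ADDR_RE.search(line)
    if not m:
        return "unparsed"
    src_home = ipaddress.ip_address(m.group("src")) in home_net
    dst_home = ipaddress.ip_address(m.group("dst")) in home_net
    if src_home and dst_home:
        return "internal"
    if dst_home:
        return "inbound"
    if src_home:
        return "outbound"
    return "unrelated"  # neither endpoint is in HOME_NET

def summarize(lines, home_net_cidr):
    """Return (per-label counts, share of alerts touching HOME_NET)."""
    home_net = ipaddress.ip_network(home_net_cidr, strict=False)
    counts = Counter(classify(l, home_net) for l in lines if l.strip())
    total = sum(counts.values())
    touching = total - counts["unrelated"] - counts["unparsed"]
    return counts, (touching / total if total else 0.0)

# Constructed sample alerts (messages and SIDs are placeholders).
SAMPLE = """\
11/06-23:35:59.000001  [**] [1:1000001:1] constructed rule A [**] [Priority: 2] {TCP} 192.0.2.10:1234 -> 172.16.112.50:80
11/06-23:36:00.000002  [**] [1:1000002:1] constructed rule B [**] [Priority: 2] {TCP} 172.16.112.50:1025 -> 192.0.2.10:25
11/06-23:36:01.000003  [**] [1:1000003:1] constructed rule C [**] [Priority: 3] {ICMP} 172.16.113.84 -> 172.16.114.50
11/06-23:36:02.000004  [**] [1:1000004:1] constructed rule D [**] [Priority: 3] {UDP} 172.16.112.100:53 -> 172.16.113.84:1030
11/06-23:36:03.000005  [**] [1:1000005:1] constructed rule E [**] [Priority: 1] {TCP} 198.51.100.7:4000 -> 172.16.114.148:23
""".splitlines()

if __name__ == "__main__":
    for cidr in ("172.16.112.50/32", "172.16.0.0/16"):
        counts, share = summarize(SAMPLE, cidr)
        print(f"HOME_NET={cidr}: {dict(counts)} touching={share:.0%}")
```

A large "unrelated" share means most alerts come from rules that do not constrain addresses to the HOME_NET/EXTERNAL_NET variables, or from a HOME_NET that covers less of the capture than intended.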