Snort mailing list archives
Catch rate testing with VRT free ruleset
From: Andrea Romagnoli <andrea.romagnoli () it telecomitalia it>
Date: Thu, 28 Jul 2016 17:56:08 +0200
Hello everyone.

We installed Snort 2.9.8.3 (Build 383) with PF_RING on a server with 2 Xeon CPUs, 256GB RAM and Ubuntu 14.04.1: our aim is to test Snort in IPS inline mode using IXIA's Breaking Point (traffic generator).

We are doing catch rate testing using the updated VRT Free ruleset. Trying hundreds of attacks ordered by year (from 2008 to 2015), we reached a catch rate of approximately 45% (lower: 34.83% with 2008 attacks, higher: 47.08% with 2015 attacks). In our testbed we enabled all rulesets and we put them in "reject" mode.

Do you think that those results are reasonable for a free ruleset such as VRT Free, or could we do a bit more? What results could we expect with VRT Pro?

Best regards,
Andrea