Snort mailing list archives

RE: testing ids


From: Ashley Thomas <athomas () cc gatech edu>
Date: Fri, 14 Mar 2003 15:44:55 -0500 (EST)


There are 2 events -
1. Attack occurrence
2. IDS generating an alert

Based on this we have 4 scenarios -

1. Attack occurred; IDS alerted (Good for us :)
2. Attack occurred; IDS did not alert - False negative
3. Attack did not occur; IDS alerted - False positive
4. Attack did not occur; IDS did not alert - We don't care!!

cheers
ashley




                        -Ashley Thomas (athomas () cc gatech edu)

On Fri, 14 Mar 2003, Jan van den Berg wrote:

What exactly do you mean with false-negative and false positives?
I read all about it and can't seem to find the exact meaning of it...

Regards,

Jan van den Berg


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Ashley Thomas
Sent: Friday, March 14, 2003 1:37 PM
To: Ray Ellington
Cc: Julio; snort-users () lists sourceforge net
Subject: RE: [Snort-users] testing ids


Test for false-negative rate and false-positives as well.
Use tools like snot also.

What IDS are you testing?


                      -Ashley Thomas (athomas () cc gatech edu)

On Fri, 14 Mar 2003, Ray Ellington wrote:

I've got the attack scripts if you want them.  I forgot where I got them from.
-Ray
  -----Original Message-----
  From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Julio
  Sent: Friday, March 14, 2003 11:23 AM
  To: snort-users () lists sourceforge net
  Subject: [Snort-users] testing ids


  Hello,

  I am a beginner in IDS and I would like to test my IDS; what tool can I use for it?

  Any suggestion ?

  Thanks

  Julio



-------------------------------------------------------
This SF.net email is sponsored by:Crypto Challenge is now open!
Get cracking and register here for some mind boggling fun and
the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
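
The four scenarios listed in the reply at the top of this thread, as an added example that is not part of the original messages: a scorer that pairs a tester's list of launched attacks with alerts laid out like Snort's "fast" alert file. The addresses, rule IDs, timestamps, the year and the 5-second matching window are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed ground truth: attacks the tester launched (time, source, target).
ATTACKS = [("03/14-11:23:05", "10.0.0.5", "10.0.0.10"),
           ("03/14-11:25:40", "10.0.0.5", "10.0.0.11"),
           ("03/14-11:31:12", "10.0.0.5", "10.0.0.10")]

# Constructed alerts laid out like Snort's "fast" alert file.
ALERTS = """\
03/14-11:23:05.412301  [**] [1:1000001:1] constructed rule A [**] [Priority: 2] {TCP} 10.0.0.5:40122 -> 10.0.0.10:80
03/14-11:27:59.000120  [**] [1:1000002:1] constructed rule B [**] [Priority: 3] {TCP} 10.0.0.7:51515 -> 10.0.0.10:22
03/14-11:31:13.250000  [**] [1:1000001:1] constructed rule A [**] [Priority: 2] {TCP} 10.0.0.5:40188 -> 10.0.0.10:80
"""

ALERT_RE = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[(\d+:\d+:\d+)\]"
                      r".*?\{\w+\}\s+([\d.]+)(?::\d+)?\s+->\s+([\d.]+)(?::\d+)?\s*$")

def parse_ts(stamp, year=2003):
    # Fast alerts carry no year; the year is an assumption supplied by the caller.
    return datetime.strptime(f"{year}/{stamp}", "%Y/%m/%d-%H:%M:%S")

def score(attacks, alert_text, window=timedelta(seconds=5)):
    """Pair each launched attack with alerts for the same src/dst within `window`."""
    alerts = []
    for line in alert_text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            alerts.append({"ts": parse_ts(m[1]), "sid": m[2],
                           "src": m[3], "dst": m[4], "matched": False})
    detected = missed = 0
    for stamp, src, dst in attacks:
        t = parse_ts(stamp)
        hits = [a for a in alerts if (a["src"], a["dst"]) == (src, dst)
                and abs(a["ts"] - t) <= window]
        for a in hits:
            a["matched"] = True
        if hits:
            detected += 1          # scenario 1: attack occurred, IDS alerted
        else:
            missed += 1            # scenario 2: false negative
    # Scenario 3: alerts no launched attack explains. Scenario 4 leaves no
    # record in either list, so there is nothing to count for it.
    false_pos = [a["sid"] for a in alerts if not a["matched"]]
    return {"detected": detected, "false_negatives": missed,
            "false_positives": false_pos,
            "false_negative_rate": missed / len(attacks) if attacks else 0.0}

if __name__ == "__main__":
    print(score(ATTACKS, ALERTS))
```

On a network carrying other traffic, an unmatched alert is only a candidate false positive until it has been checked by hand.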



