Snort mailing list archives

Is there anyone using Spirent or BreakingPoint to test Snort?


From: "xnhp0320" <xnhp0320 () gmail com>
Date: Tue, 9 Mar 2010 10:50:20 +0800

I've tested Snort using Spirent ThreatEx and BreakingPoint.

Snort version is 2.8.4.1. The newest VRT ruleset is used. All the preprocessors' configurations are left at their defaults.

Spirent ThreatEx supports over 3000 types of attacks; Snort only detects 80 types of attacks.
BreakingPoint supports over 3000 types of attack; Snort only detects no more than 40 types of attacks.
Both of the two tests generate massive amounts of preprocessor alerts.

Was I doing something wrong?
Should I use the EmergingThreat ruleset?



2010-03-09 



xnhp0320 