[Snort-devel] accurate snort profiles

Daniel Roelker droelker at ...402...
Fri Jan 31 07:55:04 EST 2003


Snort 2.0 (cvs HEAD) has had significant changes made to the detection
engine, and probably has no resemblance to the 1.9 profile.  It would be
interesting to see the differences between the two.

Thanks a lot, and let us know what you find out.

Dan

On 1/31/03 6:33 AM, "Gianni Tedesco" <gianni at ...1804...> wrote:

> Hi,
> 
> I've started doing some benchmarks and profiles of firestorm IDS, and
> while I was at it I thought, hell, may as well run snort through here as
> well.
> 
> Results of my first run are here:
> http://www.scaramanga.co.uk/firestorm/developer/profile-snort190-2003-01-31
> 
> Software is snort-1.9.0 (no modifications) running against a Lincoln
> Labs data file (396MB) on linux-2.5.59 on a Celeron 1.2GHz. Profiler is
> oprofile - an accurate full system hardware-assisted profiler
> (http://oprofile.sf.net). I used all the default snort rules. TCP stream
> reassembly is disabled.
> 
> This is just a preliminary run and I haven't finalised the testbed yet.
> Once I have, I will post full configs, rules, compiled binaries, links
> to the exact data files, full software and hardware setup etc.
> 
> Any comments or suggestions, what would be the most useful version of
> snort to use, should I grab CVS versions? Any comments on what rulesets
> or data I should be using.
> 
> PS. Please CC, I'm not on the list.
> 
> Happy Hacking.

-- 
Daniel Roelker
Software Engineer
droelker at ...402...

www.sourcefire.com
www.snort.org






