[Snort-devel] Fwd: Re: Fwd: Re: Snort Anomaly Detection

Joel Esler jesler at ...402...
Tue Sep 21 19:12:35 EDT 2010


OpenPacket.org has some.

On Fri, Sep 17, 2010 at 5:35 PM, Will Metcalf <william.metcalf at ...2499...> wrote:

> Here are some more up-to-date data sets...
>
>
> http://sourceforge.net/apps/mediawiki/networkminer/index.php?title=Publicly_available_PCAP_files
>
> Additionally have a look at...
>
> http://ictf.cs.ucsb.edu/data.php
>
> Anybody else have any other good ones?  I like pcaps... they make me
> happy.. ;-)
>
> Regards,
>
> Will
>
>
> On Fri, Sep 17, 2010 at 2:56 PM, Joel Ebrahimi <joel.ebrahimi at ...2499...>
> wrote:
> > He is referring to the DARPA pcaps for IDS testing. You can get more info here:
> >
> >    http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/
> >
> > Basically you are using the -r flag to specify you are reading from a
> > pcap file rather than an interface.
> >
> > // Joel
> >
> > On Fri, Sep 17, 2010 at 10:45 AM, Andres carrera
> > <protoss_black88 at ...445...> wrote:
> >>
> >>
> >>> Date: Fri, 17 Sep 2010 16:50:09 +0200
> >>> From: Bernhard.Guillon at ...3094...
> >>> To: protoss_black88 at ...445...
> >>> CC: snort-devel at lists.sourceforge.net
> >>> Subject: Re: [Snort-devel] Fwd: Re: Fwd: Re: Snort Anomaly Detection
> >>>
> >>> On 17.09.2010 16:01, Andres Carrera Rivera wrote:
> >>> > I put preprocessor phad:
> >>> > training_time 446400
> >>> >
> >>> >
> >>> > on the snort.conf file, but when running snort, I got this ERROR:
> >>> > Unknown preprocessor: "phad"
> >>> >
> >>> > snort, doesn't recognize PHAD?
> >>> > How can I solve this problem..
> >>> >
> >>> >
> >>>
> >>> Ah, I forgot to add plugbase.c to my patch. I just fixed it and uploaded
> >>> the patch to the old location :)
> >>
> >> OK, so it's the same file, in the same location, right?
> >>
> >> snort-2.8.6-spp_phad.diff, right?
> >> and patch it as always
> >>
> >>
> >>> Just redo the steps including the download.
> >>>
> >>> with
> >>>
> >>> preprocessor phad: training_time 14400
> >>>
> >>> and the DARPA set [1] (using -r switch) you will get some nice alerts :)
> >>>
> >>> Best regards
> >>> Bernhard Guillon
> >>>
> >>> [1]
> >>> http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/1999/training/week1/monday/inside.tcpdump.gz
> >>>
> >>
> >> Mmm, I haven't worked with the DARPA. How can I use it? Does it work with Snort too?
> >>
> >> thanks, Andres Carrera
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >> Start uncovering the many advantages of virtual appliances
> >> and start using them to simplify application deployment and
> >> accelerate your shift to cloud computing.
> >> http://p.sf.net/sfu/novell-sfdev2dev
> >> _______________________________________________
> >> Snort-devel mailing list
> >> Snort-devel at lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/snort-devel
> >>
> >>