[Snort-sigs] low detection rate

mehdi maleki mehdimlk2003 at ...144...
Tue Aug 4 15:57:41 EDT 2015


I've installed Snort (Security Onion) with the snortrules-snapshot-2973.tar.gz and community-rules.tar.tar rulesets. Then I used tcpreplay to replay the DARPA dataset (inside & outside tcpdump files from Wednesday of week 4 of the 1999 DARPA dataset: http://www.ll.mit.edu/ideval/data/1999/testing/week4/index.html). I checked the Snorby database for results. Only 4 of 21 attacks were detected (0.19 % detection rate). Why is the detection rate very low? DARPA is old; why can't Snort detect an old dataset well? Should I change or tune something (how?)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ATT_1438718224454_snort.conf
Type: x-unknown/vnd.com.yahoo.client.android.mail.attachments
Size: 23577 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20150804/5261bc53/attachment.bin>
