[Snort-users] Has anybody checked this out?
jforster at ...176...
Wed Jan 31 10:37:05 EST 2001
I'd have to agree with Dr. Suse on this one.... 100,000 attacks and 0 from
us? Something was not configured correctly when he did his testing.
I'd be interested to see the results if this test was run against one of our
Snort boxes. :)
----- Original Message -----
From: "Dr SuSE" <drsuse at ...748...>
To: <shawn at ...1184...>; <snort-users at lists.sourceforge.net>;
<snort-devel at lists.sourceforge.net>
Sent: Tuesday, January 30, 2001 8:03 PM
Subject: Re: [Snort-users] Has anybody checked this out?
> Hmm, perhaps he forgot to include a rule set in his snort.conf file.
> I find it very hard to believe that out of 100,000 attacks Snort detected
> Could it be that the 100,000 attacks were the same and there simply was
> Snort signature for this particular attack or maybe there was but it
> got removed or commented out.....
> "No, that's not what I mean.
> I mean that last time I tried, Prelude reported more than
> 100000 attacks while Snort reported 0.
> Because Snort doesn't seem to detect theses low level attack.
> And AFAIK, Snort doesn't provide an API for stuff like state remembering
> for Detection Plugin (if they have plugin, last time I looked at it they
> > http://www.freshmeat.net/projects/prelude/
> > --shawn
> > --
> > s h a w n m o y e r
> > shawn at ...1184...
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> Microsoft ist nicht installiert.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
More information about the Snort-users