[Snort-users] Has anybody checked this out?

Jim Forster jforster at ...176...
Wed Jan 31 10:37:05 EST 2001


I'd have to agree with Dr. Suse on this one....  100,000 attacks and 0 from
us?  Something was not configured correctly when he did his testing.
I'd be interested to see the results if this test was run against one of our
Snort boxes.  :)

----- Original Message -----
From: "Dr SuSE" <drsuse at ...748...>
To: <shawn at ...1184...>; <snort-users at lists.sourceforge.net>;
<snort-devel at lists.sourceforge.net>
Sent: Tuesday, January 30, 2001 8:03 PM
Subject: Re: [Snort-users] Has anybody checked this out?


> Hmm, perhaps he forgot to include a rule set in his snort.conf file.
> I find it very hard to believe that out of 100,000 attacks Snort detected
zero.
> Could it be that the 100,000 attacks were the same and there simply was
not
> Snort signature for this particular attack or maybe there was but it
somehow
> got removed or commented out.....
>
>
>
> "No, that's not what I mean.
> I mean that last time I tried, Prelude reported more than
> 100000 attacks while Snort reported 0.
> Because Snort doesn't seem to detect theses low level attack.
> And AFAIK, Snort doesn't provide an API for stuff like state remembering
> for Detection Plugin (if they have plugin, last time I looked at it they
had
> not)."
>
>
> > http://www.freshmeat.net/projects/prelude/
> >
> >
> > --shawn
> >
> > --
> > s h a w n   m o y e r
> > shawn at ...1184...
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> >
>
>
>
>
> ---------------------------------------------
> Microsoft ist nicht installiert.
> http://www.drsuse.org/
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users





More information about the Snort-users mailing list