[Snort-users] Is there anyone use Spirent or BreakingPoint to test Snort?

xnhp0320 xnhp0320 at ...11827...
Mon Mar 8 21:50:20 EST 2010


I've tested Snort using the Spirent ThreatEx and BreakingPoint.

Snort version is 2.8.4.1. The newest VRT ruleset is used. All the preprocessors' configurations are left at their defaults.

Spirent ThreatEx supports over 3000 types of attacks; Snort only detects 80 types of attacks.
BreakingPoint supports over 3000 types of attack; Snort detects no more than 40 types of attacks.
Both of the tests generate massive amounts of preprocessor alerts.

Was I doing something wrong?
Should I use the Emerging Threats ruleset?



2010-03-09 



xnhp0320 