[Snort-users] Fw: re: darpa dataset problem(zero alert)
mehdimlk2003 at ...131...
Thu Aug 7 01:56:42 EDT 2014
I've tested snort with adding general rule such (alert icmp any any -> any any (msg: "test";sid=) ) and it working well in generating alert but with default rule set it generate no alert for darpa dataset pcap files!
it seems default rule set doesn't generate even one alert for old darpa dataset. i don't know why?
I’ve read faq but there is any solution for my problem. I’ve used
registered user rule set.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users