Snort mailing list archives
low detection rate
From: mehdi maleki <mehdimlk2003 () yahoo com>
Date: Tue, 4 Aug 2015 12:57:41 -0700
Hi, I've installed Snort (Security Onion) with the snortrules-snapshot-2973.tar.gz and community-rules.tar.tar rulesets. Then I used tcpreplay to replay the DARPA dataset (inside & outside tcpdump files from Wednesday of week 4 of the 1999 DARPA dataset: http://www.ll.mit.edu/ideval/data/1999/testing/week4/index.html). I checked the Snorby database for the results. Only 4 of 21 attacks were detected (0.19 % detection rate). Why is the detection rate so low? DARPA is old; why can't Snort detect an old dataset well? Should I change or tune something (how?)
Attachment:
ATT_1438718224454_snort.conf
------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
Please visit http://blog.snort.org for the latest news about Snort!