Snort mailing list archives

low detection rate


From: mehdi maleki <mehdimlk2003 () yahoo com>
Date: Tue, 4 Aug 2015 12:57:41 -0700

Hi,

I've installed Snort (Security Onion) with the snortrules-snapshot-2973.tar.gz and community-rules.tar.tar rulesets. Then I replayed the DARPA dataset with tcpreplay (inside & outside tcpdump files from Wednesday of week 4 of the 1999 DARPA dataset: http://www.ll.mit.edu/ideval/data/1999/testing/week4/index.html). I checked the Snorby database for the results. Only 4 of 21 attacks were detected (0.19 % detection rate). Why is the detection rate very low? DARPA is old, so why can't Snort detect an old dataset well? Should I change or tune something (how?).

Attachment: ATT_1438718224454_snort.conf

------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

