[Full-disclosure] 300 Comparative Tests Driven Against Suricata and Snort
- From: Sebastien Damaye <sebastien.damaye@xxxxxxxxx>
- Date: Thu, 14 Apr 2011 05:36:42 +0200
For years, Snort (developed and maintained by SourceFire) has been the de
facto standard for open source Intrusion Detection/Prevention Systems
(IDS/IPS). Its engine combines the benefits of signatures, protocols, and
anomaly-based inspection and has become the most widely deployed IDS/IPS in
Suricata, a new and less widespread product developed by the Open
Information Security Foundation (OISF), has recently appeared, and seems
really promising. It is also based on signatures but integrates
revolutionary techniques. This engine embeds a HTTP normalizer and parser
(HTP library) that provides very advanced processing of HTTP streams,
enabling the understanding of traffic on the 7th level of the OSI model.
More than 300 tests have been conducted against two platforms receiving the
same payloads. Based on these tests, conclusions will be discussed to
present the advantages and limitations of these two products.
Read more here: http://www.aldeid.com/index.php/Suricata-vs-snort
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Prev by Date: Re: [Full-disclosure] how would browser vendors deal with $O(10^k)$ fake certs?
- Next by Date: [Full-disclosure] Hacking The Trading Floor Talk code wanted
- Previous by thread: [Full-disclosure] CA20110413-01: Security Notice for CA Total Defense
- Next by thread: [Full-disclosure] Hacking The Trading Floor Talk code wanted