Re: SNORT Testing
- From: Stefano Zanero <zanero@xxxxxxxxxxxxxx>
- Date: Sat, 25 Feb 2006 12:12:55 +0100
sshamay@xxxxxxxxxxxxxxxx wrote:
We are doing some performance tests on “snort” .
Good luck !
The tests are focused on measuring the throughput rates of snort under different mixture of traffic (good traffic + a percentage of malicious traffic)
"I have no idea which is a good performance measure for an IDS, but I
have an exact idea which ISN'T the right one: packets per second".
I am citing from memory, so I might be wrong, but this is a famous quote
by Marcus Ranum, which I wholeheartedly adhere to.
I need your help, how should be the test environment, which tools to use etc.
<shameless_plug>
You can see some tinkering on the matter from my presentation at Black
Hat Federal:
http://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Zanero.pdf
</shameless_plug>
--
Cordiali saluti,
Stefano Zanero
Dottorando di Ricerca / Ph.D. Student
Politecnico di Milano - Dip. Elettronica e Informazione
E-mail: zanero@xxxxxxxxxxxxxx
Web: www.elet.polimi.it/upload/zanero
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
- References:
- SNORT Testing
- From: sshamay
- SNORT Testing
- Prev by Date: Re: Tracking back internal incidents to users, not IPs
- Next by Date: Re: Testing IDS with tcpreplay
- Previous by thread: SNORT Testing
- Next by thread: Re: SNORT Testing
- Index(es):
Relevant Pages
|
