Snort Forums Archive
Running SNORT on DARPA 1999 data set
Posted by salom1234 on May 17, 2006 08:31:17
Hi ALL,
Is there anyone who has run SNORT on the DARPA 1999 training data of weeks 1 and 2? The problem is that SNORT generated lots of alarms but none from the listed attacks of week 2. What I am doing is
snort -r inside.tcpdump -c C:\snort\etc\snort.conf -l C:\snort\log\1
Am I doing it right? If not, please correct me...
If yes, then why could SNORT not detect any of the attacks labeled in week 2 of the DARPA 1999 training data? Also, one last piece of information: I am using only the inside and outside tcpdump data of these two weeks.
Thanks in advance.
Regards
Posted by jamal on September 09, 2006 15:40:32
I'm having the same problem, anybody got the problem solved?
Posted by jamal on September 12, 2006 03:20:24
The problem is that some rules in Snort name attacks differently, or some rules are more generic.
For example, the land attack is a DOS but it's not found in the dos rules folder. It's found in the bad traffic rules folder, with a rule trying to find the same IP source and destination (note: this is the signature of the land attack).
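
Added example, not part of the original thread: because Snort's rule messages rarely match the DARPA attack labels, one way to check coverage is to correlate alerts with the labelled attacks by victim address and time window instead of by name. The alert lines follow Snort's "fast" alert layout; the truth entries, addresses and times are constructed sample data, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Snort "fast" alert line: timestamp [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[\d+:\d+:\d+\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{\w+\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?\s*$"
)

def parse_alerts(lines, year=1999):
    """Parse fast-format alerts; the format carries no year, so it is supplied."""
    alerts = []
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if m is None:
            continue  # skip blank or non-alert lines
        ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
        alerts.append({"time": ts, "msg": m["msg"], "src": m["src"], "dst": m["dst"]})
    return alerts

def correlate(truth, alerts, slack=timedelta(seconds=60)):
    """For each labelled attack, list alert messages that hit its victim in its window."""
    result = {}
    for name, start, duration, victim in truth:
        lo, hi = start - slack, start + duration + slack
        result[name] = sorted({a["msg"] for a in alerts
                               if a["dst"] == victim and lo <= a["time"] <= hi})
    return result

# Constructed sample alerts (not taken from a real run on the data set).
SAMPLE_ALERTS = [
    "03/08-09:15:02.123456  [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} "
    "172.16.112.50:23 -> 172.16.112.50:23",
    "03/08-11:40:10.000001  [**] [1:469:3] ICMP PING NMAP [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {ICMP} "
    "10.0.0.9 -> 172.16.112.50",
]
# Constructed truth entries: (label, start time, duration, victim IP).
SAMPLE_TRUTH = [
    ("land", datetime(1999, 3, 8, 9, 15, 0), timedelta(seconds=5), "172.16.112.50"),
    ("constructed-miss", datetime(1999, 3, 9, 14, 0, 0), timedelta(seconds=10), "172.16.113.84"),
]

if __name__ == "__main__":
    for label, msgs in correlate(SAMPLE_TRUTH, parse_alerts(SAMPLE_ALERTS)).items():
        print(f"{label}: {msgs if msgs else 'NO ALERT IN WINDOW'}")
```

A labelled attack with an empty list is a real miss; one with a differently named message, as with the land entry here, was detected under another rule name.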