[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] 300 Comparative Tests Driven Against Suricata and Snort

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] 300 Comparative Tests Driven Against Suricata and Snort
From: Sebastien Damaye <sebastien.damaye@xxxxxxxxx>
Date: Thu, 14 Apr 2011 05:36:42 +0200

For years, Snort (developed and maintained by SourceFire) has been the de
facto standard for open source Intrusion Detection/Prevention Systems
(IDS/IPS). Its engine combines the benefits of signatures, protocols, and
anomaly-based inspection and has become the most widely deployed IDS/IPS in
the world.

Suricata, a new and less widespread product developed by the Open
Information Security Foundation (OISF), has recently appeared, and seems
really promising. It is also based on signatures but integrates
revolutionary techniques. This engine embeds a HTTP normalizer and parser
(HTP library) that provides very advanced processing of HTTP streams,
enabling the understanding of traffic on the 7th level of the OSI model.

More than 300 tests have been conducted against two platforms receiving the
same payloads. Based on these tests, conclusions will be discussed to
present the advantages and limitations of these two products.

Read more here: http://www.aldeid.com/index.php/Suricata-vs-snort

-- 
Cordialement/Regards,

Sébastien Damaye
http://www.aldeid.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] how would browser vendors deal with $O(10^k)$ fake certs?
Next by Date: [Full-disclosure] Hacking The Trading Floor Talk code wanted
Previous by thread: [Full-disclosure] CA20110413-01: Security Notice for CA Total Defense
Next by thread: [Full-disclosure] Hacking The Trading Floor Talk code wanted
Index(es):
- Date
- Thread