[Oisf-devel] OpenBSD Suricata (again) and P2P detection

Henri Wahl h.wahl at ifw-dresden.de
Thu May 31 13:30:48 UTC 2012


Hello world,
after finally managing to run Suricata 1.3 on OpenBSD - thanks to all of
you who helped me - I am now running Suricata and Snort in parallel to
compare detection and overall performance.
In my opinion Suricata does a pretty good job, but only fails in
detecting P2P traffic caused by BitTorrent clients and the like. Where
Snort immediately detects P2P packets (which allows me to block them with
a snortsam-like construction), Suricata keeps silent. I use the
p2p.rules and emerging-p2p.rules, now the identical ones (Snort/Suricata)
and before that the Suricata-optimized ones from Emerging Threats, but the
result is always the same - silence.
Is something like this known, or does anybody have another direction for
me where to look?
Thank you very much + regards
Henri Wahl
-- 
Henri Wahl

IT Department
Leibniz-Institut für Festkörper- u.
Werkstoffforschung Dresden

tel. (03 51) 46 59 - 797
email: h.wahl at ifw-dresden.de
http://www.ifw-dresden.de

Nagios status monitor for your desktop:
http://nagstamon.ifw-dresden.de

IFW Dresden e.V., Helmholtzstraße 20, D-01069 Dresden
Register of associations Dresden No. 1369
Board of directors: Prof. Dr. Ludwig Schultz, Dr. h.c. Dipl.-Finw. Rolf Pfrengle
