[Oisf-devel] OpenBSD Suricata (again) and P2P detection

Victor Julien victor at inliniac.net
Thu May 31 14:42:59 UTC 2012


On 05/31/2012 03:30 PM, Henri Wahl wrote:
> Hello world,
> after finally managing to run Suricata 1.3 on OpenBSD - thanks to all of
> you who helped me - I am now running Suricata and Snort in parallel to
> compare detection and overall performance.
> In my opinion Suricata does a pretty good job, but only fails in
> detecting P2P traffic caused by BitTorrent clients and the like. Where
> Snort immediately detects P2P packets (which allows me to block them with
> a snortsam-like construction) Suricata keeps silent. I use the
> p2p.rules and emerging-p2p.rules, now the identical ones (Snort/Suricata)
> and before the Suricata-optimized ones from Emerging Threats, but the
> result is always the same - silence.
> Is something like this known, or does anybody have another direction for me
> where to look?

Can you share an entry from your stats.log?

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
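The stats.log entry Victor asks for is the quickest way to tell whether the sensor is dropping or discarding traffic before the detection engine ever sees it, which would explain alerts that fire in Snort but not in Suricata. The script below is an added example for this thread, not Suricata's own code: it assumes the pipe-separated `Counter | TM Name | Value` layout that 1.x wrote to stats.log, picks the newest snapshot from the file, and reports the counters that mean lost traffic (capture drops, decoder-rejected packets, TCP session or segment memcap drops). The counter names follow what 1.x printed; the sample snapshot, thread names and the thresholds are constructed for the example.

```python
"""Flag the counters in a Suricata stats.log snapshot that explain missing
alerts: packets the kernel dropped, packets the decoder rejected, and TCP
sessions or segments discarded when a memcap was hit.

Added example, not Suricata's own code. Assumes the pipe-separated
'Counter | TM Name | Value' layout that 1.x wrote to stats.log.
"""
import re

# Constructed snapshot in that layout (not a capture from the original thread).
SAMPLE_STATS = """\
-------------------------------------------------------------------
Date: 5/31/2012 -- 14:42:59 (uptime: 0d, 00h 10m 05s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
capture.kernel_packets    | RxPcapem01                | 250000
capture.kernel_drops      | RxPcapem01                | 17500
decoder.pkts              | Decode1                   | 232500
decoder.invalid           | Decode1                   | 0
tcp.ssn_memcap_drop       | Stream1                   | 42
tcp.segment_memcap_drop   | Stream1                   | 0
detect.alert              | Detect1                   | 3
"""

# counter name | thread module name | integer value
ROW_RE = re.compile(r"^\s*([\w.]+)\s*\|\s*([^|]+?)\s*\|\s*(\d+)\s*$")

# Counters that, when non-zero, mean traffic was lost before detection.
# Names as printed by Suricata 1.x; which ones to check is this example's choice.
SUSPECT_COUNTERS = (
    "capture.kernel_drops",
    "decoder.invalid",
    "tcp.ssn_memcap_drop",
    "tcp.segment_memcap_drop",
)


def last_snapshot(text):
    """stats.log appends one snapshot per interval; keep only the newest."""
    parts = re.split(r"^Date: ", text, flags=re.MULTILINE)
    return parts[-1]


def parse_stats(text):
    """Return {counter: value} for the counter rows of the newest snapshot.

    Ruler, date and 'Counter | TM Name | Value' header lines do not match
    ROW_RE (no integer third column) and are skipped. A counter repeated
    across several threads is summed.
    """
    stats = {}
    for line in last_snapshot(text).splitlines():
        m = ROW_RE.match(line)
        if m:
            name, _tm_name, value = m.groups()
            stats[name] = stats.get(name, 0) + int(value)
    return stats


def drop_ratio(stats):
    """Fraction of captured packets the capture layer reported as dropped."""
    seen = stats.get("capture.kernel_packets", 0)
    dropped = stats.get("capture.kernel_drops", 0)
    return dropped / seen if seen else 0.0


def diagnose(text):
    """List the suspect counters that are non-zero, capture drops first."""
    stats = parse_stats(text)
    findings = []
    ratio = drop_ratio(stats)
    if ratio > 0.0:
        findings.append("capture.kernel_drops=%d (%.1f%% of captured packets)"
                        % (stats["capture.kernel_drops"], 100 * ratio))
    for name in SUSPECT_COUNTERS[1:]:
        if stats.get(name, 0) > 0:
            findings.append("%s=%d" % (name, stats[name]))
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_STATS):
        print(finding)
```

Run it against a real file with `diagnose(open("/var/log/suricata/stats.log").read())`. A non-zero `capture.kernel_drops` means the P2P packets may simply never have reached the rules; a non-zero `tcp.ssn_memcap_drop` means whole sessions were discarded, which also silences stream-dependent signatures. If every suspect counter is zero, the rules themselves (or the app-layer parsers they depend on) are the next place to look.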
