hello all<br><br>i am doing some comparison between Snort and Suricata. i want to know which of the following metric can be supported by Suricata:<br><br>1- Method of detection: signature based, protocol-based, anomaly-based<br>
2- Throughput: can support all sessions?, can support all connections?<br>3- type of configuration: bridge mode, routing mode, hybrid mode<br>4- update<br>5- type of prevention: remove suspected packets, kill connection, set firewall rules<br>
6- preventing from attack to Suricata itself<br>7- support SNMP<br>8- average rate of false positive<br>9- ranking attacks: based on tensity of attacks, based on number of repeating attacks, based on type of attack<br>10- time of detection: can detect in real-time?<br>
11- time of prevention: can prevent in real-time?<br>12 which of the following application layer can support: HTTP, FTP, SMTP, POP3, VOIP, Instant Messaging, P2P<br>13- traffic normalization: can remove suspected part of a traffic?<br>
14- can support VLAN?<br>15- which of the following attack can support: Phishing, spyware, viruses and worms, Web and CGI, U2R, R2L<br><br>Cheers<br>