[Oisf-devel] OpenBSD Suricata (again) and P2P detection

Peter Manev petermanev at gmail.com
Thu May 31 14:48:03 UTC 2012


On Thu, May 31, 2012 at 4:42 PM, Victor Julien <victor at inliniac.net> wrote:

> On 05/31/2012 03:30 PM, Henri Wahl wrote:
> > Hello world,
> > after finally managing to run Suricata 1.3 on OpenBSD - thanks to all of
> > you who helped me - I am now running Suricata and Snort in parallel to
> > compare detection and overall performance.
> > In my opinion Suricata does a pretty good job, but only fails in
> > detecting P2P traffic caused by Bittorrent clients and the likes. Where
> > Snort immediately detects P2P packets (which allow me to block them with
> > a snortsam-like construction) Suricata keeps silence. I use the
> > p2p.rules and emerging-p2p.rules, now the identical ones (Snort/Suricata)
> > and before the Suricata optimized ones from Emerging Threats but the
> > result is always the same - silence.
> > Is something like this known or has anybody another direction for me
> > where to look for?
>
> Can you share an entry from your stats.log?
>
>
and some of the sids that do not alert?

> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>



-- 
Regards,
Peter Manev
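The two questions above (an entry from stats.log, and which sids never alert) are the usual starting point for a "rules loaded but silent" problem. The following is an added example, not code from this thread or from the Suricata project, that automates the second question: it reads a rule file, keeps only the enabled (uncommented) sids, counts alerts per sid from a fast.log, and reports the enabled sids that never fired. The rule lines, sids and fast.log lines are constructed samples with placeholder sids; the fast.log line layout follows Suricata's `[gid:sid:rev]` format.

```python
import re
from collections import Counter

# Constructed sample rules, standing in for p2p.rules / emerging-p2p.rules.
# The sids (9000001...) are placeholders, not real Emerging Threats sids.
SAMPLE_RULES = """\
# comment line, ignored
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE P2P BitTorrent handshake"; content:"|13|BitTorrent protocol"; sid:9000001; rev:1;)
alert udp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE P2P DHT ping"; content:"d1|3a|ad2|3a|id20|3a|"; sid:9000002; rev:2;)
#alert tcp any any -> any 6881 (msg:"EXAMPLE P2P disabled rule"; sid:9000003; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE P2P tracker announce"; content:"/announce?info_hash="; http_uri; sid:9000004; rev:3;)
"""

# Constructed fast.log excerpt (Suricata fast.log layout; addresses are RFC 5737 documentation ranges).
SAMPLE_FASTLOG = """\
05/31/2012-14:48:03.123456  [**] [1:9000001:1] EXAMPLE P2P BitTorrent handshake [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.0.2.10:51234 -> 198.51.100.7:6881
05/31/2012-14:48:05.000001  [**] [1:9000001:1] EXAMPLE P2P BitTorrent handshake [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.0.2.11:40000 -> 198.51.100.8:6881
05/31/2012-14:49:00.500000  [**] [1:9000099:1] EXAMPLE unrelated rule [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 198.51.100.9:80 -> 192.0.2.10:33000
"""

# An enabled rule line starts with the action keyword (no leading '#') and carries msg and sid options.
RULE_RE = re.compile(r'^\s*(?:alert|drop|reject|pass)\b.*?msg:"([^"]*)".*?\bsid:(\d+);', re.IGNORECASE)
# fast.log identifies the rule as [gid:sid:rev] right after the first [**] marker.
FASTLOG_RE = re.compile(r'\[\*\*\] \[(\d+):(\d+):(\d+)\]')


def enabled_sids(rules_text):
    """Map sid -> msg for every enabled rule; commented-out rules are skipped."""
    sids = {}
    for line in rules_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # disabled rule or comment: it can never alert, so do not count it as silent
        m = RULE_RE.search(line)
        if m:
            sids[int(m.group(2))] = m.group(1)
    return sids


def alert_counts(fastlog_text):
    """Count fast.log alerts per sid."""
    counts = Counter()
    for line in fastlog_text.splitlines():
        m = FASTLOG_RE.search(line)
        if m:
            counts[int(m.group(2))] += 1
    return counts


def silent_sids(rules_text, fastlog_text):
    """Return [(sid, msg)] for enabled rules that produced no alert, sorted by sid."""
    counts = alert_counts(fastlog_text)
    return sorted((sid, msg) for sid, msg in enabled_sids(rules_text).items() if counts[sid] == 0)


if __name__ == "__main__":
    # With real files: silent_sids(open("emerging-p2p.rules").read(), open("fast.log").read())
    for sid, msg in silent_sids(SAMPLE_RULES, SAMPLE_FASTLOG):
        print(f"never alerted: sid {sid} ({msg})")
```

The output lists the candidate sids to send back to the list, which is what the question above asks for. A rule that is enabled in the file but absent from this list has demonstrably fired, so the remaining suspects are the ones that are printed; whether they are silent because the traffic never reached the engine or because of a rule-loading problem is what the stats.log entry would help separate.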