Closed Frankccv closed 1 year ago
I think that the cause can be this parameter: By default, MMT-Probe will ignore the security verification on the rest of an IP flow when an alert is detected. That is to say, it raises at most one alert per IP flow.
Can you try again with a new value, e.g.: ignore-remain-flow = false
Perfect, thank you
I tried to test mmt-sec-standalone and probe with the same pcap. This pcap shows a flooding attack of GET requests. The commands that I tried were ./probe -t flooding_get.pcapng and ./mmt-sec-standalone -t flooding_get.pcapng
As a result I obtain two different outputs. MMT-Security raises 19 alerts while Probe raises only 1 alert, as in the images attached.