[Snort-devel] Test program to generate packets from signatures?

Dan Zerkle dzerkle at ...1242...
Mon Apr 8 17:13:20 EDT 2002


I would like to do some comprehensive IDS signature coverage testing.

To do this, I'd like to read in some recent Snort signatures and then
generate a packet from each one (and write it to a TCPDump file or the
Ethernet).  Each packet would contain the characteristics described by the
corresponding signature.  So, feeding this dump file back to Snort should
trigger every single signature (if it's working properly).

This isn't as good as actually generating all the attacks, but it would sure
save time over downloading hundreds of hacker tools and running them.  The
dump file can also be used to exercise other sensors for comparison
purposes.

Does anyone know if such a testing tool exists?  Yes, I could write it
myself, but it would save a lot of time if someone else has done something
similar....

-Dan
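
One way to do what the post describes, as an added example that is not part of the original message and is not Snort project code: it parses the header and the positive content options of a tcp/udp rule, builds one packet carrying those bytes, and writes a libpcap file. The sample rule, addresses, ports and function names are constructed for illustration. Content modifiers (offset, depth) and stateful options are ignored, so rules that depend on them will not fire on a single packet.

```python
import re, socket, struct

# Constructed sample rule for illustration; not taken from a real rule set.
SAMPLE_RULE = ('alert udp any any -> 192.0.2.10 9999 (msg:"constructed test"; '
               'content:"TEST|00 01|probe"; content:"|de ad|"; sid:1000001;)')

def decode_content(pattern):
    """Convert Snort content syntax (text with |hex| runs) to raw bytes."""
    parts = pattern.split("|")  # odd-indexed parts sit between pipes: hex bytes
    return b"".join(bytes.fromhex(p) if i % 2 else p.encode("latin-1") for i, p in enumerate(parts))

def parse_rule(rule):
    """Return (proto, dst_ip, dst_port, payload) for a tcp/udp content rule."""
    header, options = rule.split("(", 1)
    _action, proto, _src, _sport, _dir, dst, dport = header.split()
    # Negated patterns (content:!"...") do not match this regex and are skipped.
    payload = b"".join(decode_content(c) for c in re.findall(r'content:\s*"([^"]*)"', options))
    # "any", variables and ranges have no single value: assumed defaults instead.
    dst_ip = dst if re.fullmatch(r"[\d.]+", dst) else "192.0.2.10"
    return proto, dst_ip, int(dport) if dport.isdigit() else 80, payload

def checksum(data):
    """RFC 1071 Internet checksum."""
    data += b"\0" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    total = (total >> 16) + (total & 0xFFFF)
    return ~(total + (total >> 16)) & 0xFFFF

def build_frame(proto, dst_ip, dport, payload, src_ip="192.0.2.1", sport=40000):
    """Build one Ethernet/IPv4/TCP-or-UDP frame carrying the payload."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    if proto == "udp":
        num, off, l4 = 17, 6, struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    elif proto == "tcp":  # a single PSH|ACK segment with no preceding handshake
        num, off, l4 = 6, 16, struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 8192, 0, 0)
    else:
        raise ValueError("unsupported protocol: " + proto)
    l4 += payload
    pseudo = src + dst + struct.pack("!BBH", 0, num, len(l4))
    l4 = l4[:off] + struct.pack("!H", checksum(pseudo + l4) or 0xFFFF) + l4[off + 2:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, num, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return bytes.fromhex("020000000002" "020000000001" "0800") + ip + l4

def write_pcap(path, frames):
    """Write frames to a classic libpcap file (link type 1 = Ethernet)."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for fr in frames:
            f.write(struct.pack("<IIII", 0, 0, len(fr), len(fr)) + fr)
```

Calling write_pcap(path, [build_frame(*parse_rule(r)) for r in rules]) over a rule file yields a capture that can be read back with snort -r to see which signatures fire.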





