[Snort-devel] Test program to generate packets from signatures?

counter.spy at ...578...
Thu Apr 11 08:37:13 EDT 2002


Hi there!
Don't know "Snot", hum? (Yes, Snot *not* Snort ;)
Eats snortrules file, generates packets, needs libnet, runs like hell.
You can literally flood any IDS with its output.
See:
http://www.sec33.com/sniph/snot-0.92a.tar.gz

Hope that helps.
Greetings,
D.Liesen

From: "Dan Zerkle" <dzerkle at ...1242...>
To: <snort-devel at lists.sourceforge.net>
Date: Mon, 8 Apr 2002 17:09:59 -0700
Subject: [Snort-devel] Test program to generate packets from signatures?

I would like to do some comprehensive IDS signature coverage testing.

To do this, I'd like to read in some recent Snort signatures and then
generate a packet from each one (and write it to a TCPDump file or the
Ethernet).  Each packet would contain the characteristics described by the
corresponding signature.  So, feeding this dump file back to Snort should
trigger every single signature (if it's working properly).

This isn't as good as actually generating all the attacks, but it would sure
save time over downloading hundreds of hacker tools and running them.  The
dump file can also be used to exercise other sensors for comparison
purposes.

Does anyone know if such a testing tool exists?  Yes, I could write it
myself, but it would save a lot of time if someone else has done something
similar....

-Dan
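
The approach asked about above (one packet per signature, written to a tcpdump-format file), as an added sketch that is not part of either message and is not code from Snot or Snort. It assumes UDP rules only and ignores escapes, negated matches and offset/depth modifiers; all function names and the sample rule are constructed for illustration.

```python
import re
import struct

# Constructed sample rule for illustration; not taken from any real ruleset.
SAMPLE_RULE = ('alert udp any any -> any 9999 (msg:"constructed test rule"; '
               'content:"TEST|3a 20|probe"; content:"|de ad be ef|"; sid:1000001;)')

def decode_content(text):
    """Decode a Snort content string: |..| spans are hex bytes, the rest literal."""
    out = bytearray()
    for i, part in enumerate(text.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)

def rule_to_payload(rule):
    """Join positive content matches in rule order; negated ones are skipped."""
    return b"".join(decode_content(c)
                    for c in re.findall(r'content:\s*"([^"]*)"', rule))

def dest_port(rule, default=9):
    """Destination port from the rule header; 'any' or a variable falls back."""
    port = rule.split("(", 1)[0].split()[-1]
    return int(port) if port.isdigit() else default

def checksum(data):
    """Internet checksum (RFC 1071) over an even-length header."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_frame(payload, dport, sport=40000):
    """Ethernet/IPv4/UDP frame between documentation addresses (192.0.2.0/24)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return b"\x02\0\0\0\0\x02" + b"\x02\0\0\0\0\x01" + b"\x08\x00" + ip + udp

def pcap_bytes(frames):
    """Classic libpcap file image: 24-byte global header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for frame in frames:
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def rule_to_pcap(rule):
    """One rule in, one single-packet capture image out."""
    return pcap_bytes([udp_frame(rule_to_payload(rule), dest_port(rule))])
```

Writing the bytes returned by `rule_to_pcap` to a file gives a capture that can be read back with `snort -r` to check whether the corresponding rule fires.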









