[Snort-devel] Test program to generate packets from signatures?

Coochey, Giles g.coochey at ...482...
Fri Apr 12 00:36:03 EDT 2002


Try nessus - http://www.nessus.org

It has literally hundreds of attack signatures and vulnerability tests and
will trigger a good few rules on mosts IDSs.


> -----Original Message-----
> From: snort-devel-admin at lists.sourceforge.net
> [mailto:snort-devel-admin at lists.sourceforge.net]On Behalf Of
> counter.spy at ...578...
> Sent: 11 April 2002 16:31
> To: dzerkle at ...1242...
> Cc: snort-devel at lists.sourceforge.net
> Subject: [Snort-devel] Test program to generate packets from signatures?
>
>
> Hi there!
> Don't know "Snot", hum? (Yes, Snot *not* Snort ;)
> Eats snortrules file, generates packets, needs libnet, runs like hell.
> You can literally flood any IDS with it's output.
> See:
> http://www.sec33.com/sniph/snot-0.92a.tar.gz
>
> Hope that helps.
> Greetings,
> D.Liesen
>
> From: "Dan Zerkle" <dzerkle at ...1242...>
> To: <snort-devel at lists.sourceforge.net>
> Date: Mon, 8 Apr 2002 17:09:59 -0700
> Subject: [Snort-devel] Test program to generate packets from signatures?
>
> I would like to do some comprehensive IDS signature coverage testing.
>
> To do this, I'd like to read in some recent Snort signatures and then
> generate a packet from each one (and write it to a TCPDump file or the
> Ethernet).  Each packet would contain the characteristics described by the
> corresponding signature.  So, feeding this dump file back to Snort should
> trigger every single signature (if it's working properly).
>
> This isn't as good as actually generating all the attacks, but it
> would sure
> save time over downloading hundreds of hacker tools and running them.  The
> dump file can also be used to exercise other sensors for comparison
> purposes.
>
> Does anyone know if such a testing tool exists?  Yes, I could write it
> myself, but it would save a lot of time if someone else has done something
> similar....
>
> -Dan
>
>
>
>
>
> --
> GMX - Die Kommunikationsplattform im Internet.
> http://www.gmx.net
>
>
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel





More information about the Snort-devel mailing list