[Snort-devel] legit network-traffic generating tool?
sjthakkar at ...398...
Thu Apr 29 01:30:06 EDT 2004
Hi Ravi and Everyone,
Pardon my ignorance as a newbie to this area, but as
far as I get it:
-Nessus would help me generate an "attack" test.
-HammerHead would help me generate HTTP traffic only
(again like an "attack" traffic).
-Nikto & Mutate2: I couldn't understand this quite but
it again may be in the same "attack"-traffic
Rather than these, wouldn't a "background" traffic
(and not an "attack" traffic) be good to test how much
my IDS plugin leads to false-positives?
I read a few (open-ended-problems) discussions on
Neohapsis, but conclusively couldn't find such a tool
Please enlighten more and help me :)
--- Ravi <ravivsn at ...2125...> wrote:
> To simulate real webtraffic and thereby test Snort
> plugin use
> - nessus, the vulnerability scanner to send
> attack packets
> - HammerHead, a tool that can act as HTTP client
> and generates huge
> traffic at a time. It will stress your network with
> lots of genuine http
> requests. Or you can use hardware boxes like
> - To send packets to evade IDS, use nikto or
> ROCSYS Technologies Ltd.,
> siddharth thakkar wrote:
> >Just curious if anyone knows some tool or program
> >which I could use to create "realistic"
> >network-traffic including some http, ftp, long file
> >downloads, etc.? Basically, I need something that
> >simulate real web-activity.
> >I have coded a worm-detecting preprocessor plugin
> >Snort, but I want such a traffic-generating tool to
> >test how well my Snort plugin detects the kind of
> >worms its made for...and may be eliminate
> >Let me know if anyone knows such a program out
> >which can help stress test my network with such
> >legitimate traffic (in addition to my worm code
> >I'll be running).
> >I'm looking through sourceforge, but haven't
> >anything relevant. (except may be
> >Thanks in advance, (hope I explained it well, let
> >know if I haven't :) )
> >~Siddharth Thakkar
> >Univ. of Southern California.
> >I don't know half of you half as well as I should
> like; and I like less
> >than half of you half as well as you deserve.
> >-- J. R. R. Tolkien, The Fellowship of the Ring
> >Do you Yahoo!?
> >Win a $20,000 Career Makeover at Yahoo! HotJobs
> >This SF.Net email is sponsored by: Oracle 10g
> >Get certified on the hottest thing ever to hit the
> market... Oracle 10g.
> >Take an Oracle 10g class now, and we'll give you
> the exam FREE.
> >Snort-devel mailing list
> >Snort-devel at lists.sourceforge.net
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the
> market... Oracle 10g.
> Take an Oracle 10g class now, and we'll give you the
> exam FREE.
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
I don't know half of you half as well as I should like; and I like less
than half of you half as well as you deserve.
-- J. R. R. Tolkien, The Fellowship of the Ring
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs
More information about the Snort-devel