[Snort-sigs] Strange question
mkettler at ...189...
Wed Apr 23 10:45:02 EDT 2003

Erm, why do you want viruses to test a firewall? Viruses aren't even
relevant to a firewall anyway.. they infect executables, firewalls block
network attacks. Perhaps you meant worms?

In general using self-replicating code (i.e., worms or viruses) as a "test"
is an extremely reckless and dangerous thing to do.. It's a lot like
pouring a can of gas on the floor and lighting it to see if the
fire-sprinkler system works. Even if the floor is concrete, there are still
much safer tests out there.

Might I suggest looking at the Nessus scanner or something of the like instead?
There are lots of tools out there that use the same attacks as network
worms (which I assume is what you really want) and only manually so they
won't spread out of control if you accidentally misstep.

Certainly in your case, it sounds like you're not quite up to the task of
testing with self-replicating code. It's VERY easy to screw up. When
professionals (i.e., antivirus writers) that do test with live code run their
tests, they use a separate quarantined network that isn't connected to any
part of the internet in any way. They do it because even a trained
professional that handles worms every day can make a mistake and the risks
of infecting other networks are high.

At 09:01 AM 4/23/2003 -0700, Bryan Irvine wrote:
>I'd like to test out the snort rules I have in place, and download some
>viruses (Windows-only viruses as I'm on Linux), but after some googling
>I've found (rather expectedly) that no one wants to make viruses
>available for download. Does anyone have an archive of viruses that I
>could download to test the firewall?