[Snort-sigs] How to simulate attacks using CASL
mkettler at ...189...
Tue Feb 3 10:19:09 EST 2004
At 08:22 AM 2/3/2004, Bini Mary Thomas wrote:
> i was trying to simulate security attacks with CASL. My problem
>is that i cannot simulate attacks which has to make an established TCP
>connection. Kernel is not letting to complete the handshake.for the
>initial SYN packet i am getting reply(SYN and ACK set) from server.but
>then, the client kernel is sending a RST in the reply..
> is there a way to stop the packet from going to the kernel in
>CASL? so that the kernel will not sent a reset ....
1) this belongs on snort-users, not snort-sigs. Just a FYI for future postings.
2) I'd suggest using IPTables, IPF, or whatever your local kernel-level
firewall tool is to force the system to silently drop the syn-ack packets
before sending them to the IP stack. Since CASL uses wire-level sniffing
(just like snort does) it will still see the syn-ack packets, even if
iptables/ipf/whatever kills it.
More information about the Snort-sigs