[Snort-sigs] Snort Rules reply

Jose Maria Lopez Hernandez jkerouac at ...2755...
Mon Mar 21 03:13:00 EST 2005

El lun, 21-03-2005 a las 11:50 +0100, Kenneth Lobato Lastra (Halkon)
> Hi everybody,
> I want to reproduce "special" formed packets with content able to turn
> on all the rules of snort. My objetive is to pass this expert known of
> snort to another system in order to evaluate data.

If you have the captures in tcpdump format of the data that triggers
the rules you can use tcpreplay to 'replay' the stream of data into
the interface and make snort trigger the rules.

> I have read about snot, sticky, sneeze... and so on, but I wanted, first
> of all, ask if there is any other way to obtain this.

Snot it's quite old, but stick it's OK. There are other similar programs
that use the snort rules to check snort. But you can also use real
exploits or security checks to trigger the rules. If you want to use
real exploits you can use the Metasploit framework. If you want security
checks your best bets are Nessus and Nikto.

> Kenneth Lobato (aka Halkon)



Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac at ...2755...
bgSEC Seguridad y Consultoria de Sistemas Informaticos

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"

More information about the Snort-sigs mailing list