[Snort-sigs] Triggering a complex snort rule (packet forging)

waldo kitty wkitty42 at ...3507...
Tue Apr 2 11:37:43 EDT 2013


On 4/2/2013 08:11, lists at ...3397... wrote:
> Welcome to the IDS fun :)  I'd just stand up a webserver you can control over
> and craft the pages to send the payload you're attempting to match on.  This is
> what I do and it's much easier than packet forging.  Also, consider too, this is
> as close as you can get to real world examples of the content you're trying to
> match on.  You're behaving exactly as a webserver should and you don't need to
> worry about false negatives or false positives as a result of packet
> forging/crafting on the wire.

+1 :)





More information about the Snort-sigs mailing list