[Snort-sigs] Triggering a complex snort rule (packet forging)
wkitty42 at ...3507...
Tue Apr 2 11:37:43 EDT 2013
On 4/2/2013 08:11, lists at ...3397... wrote:
> Welcome to the IDS fun :) I'd just stand up a webserver you can control over
> and craft the pages to send the payload you're attempting to match on. This is
> what I do and it's much easier than packet forging. Also, consider too, this is
> as close as you can get to real world examples of the content you're trying to
> match on. You're behaving exactly as a webserver should and you don't need to
> worry about false negatives or false positives as a result of packet
> forging/crafting on the wire.
More information about the Snort-sigs