[Snort-users] [sniph00 at ...1688...: Announce: snot 0.85a released]
roesch at ...421...
Fri Apr 6 23:56:57 EDT 2001
Saw it, nice to be loved... :)
> FYI :)
> ----- Forwarded message from sniph <sniph00 at ...1688...> -----
> From: sniph <sniph00 at ...1688...>
> Date: Tue, 27 Mar 2001 02:20:50 -0800
> To: FOCUS-IDS at ...220...
> Subject: Announce: snot 0.85a released
> Reply-To: sniph <sniph00 at ...1688...>
> Announcing the release of snot 0.85a, a general
> purpose snort alert generator and all round nids decoy
> Download snot from http://www.geocities.com/sniph00
> snot allows unix and windows users to trigger
> arbitrary snort alerts, by reading a snort rules file.
> source and destination addresses can be overridden at
> the command line, or read as input from the snort
> rules. It requires libnet to be installed, and on
> windows also the pcap driver from Politecnico di
> Torino. Read the readme.txt for more information.
> This tool has been known to annoy your system
> administrator, fill peoples hard disks, make it
> terribly frustrating to identify attackers, and kill
> realsecure sensors.
> It is alpha code, and whilst it has been tested to run
> cleanly on nt4, nt2k, redhat and openbsd, it still has
> bugs - if you find them, i'll try and fix them.
> If anyone has any mechanisms for getting the triggers
> out of realsecure, NetworkICE, or any other NIDS,
> please mail me.
> How is the NIDS industry going to fix this? Stateful
> inspection for tcp.. NIDS behind firewall.. make
> triggers response based only.. only one thing is for
> sure, pattern matching is only part of the solution.
> Please contact me for all suggestions, patches,
> comments or abuse at sniph00 at ...131...
> thanks to 3rr0r for help getting this to market,
> Victoria Bitter for helping delay this, and that guy
> that wrote stick for beating me to the punch.
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail.
> ----- End forwarded message -----
> PGP fingerprint = 56DD 1511 DDDA 56D7 99C7 B288 5CE5 A713 0969 A4D1
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users