[Snort-users] [sniph00 at ...1688...: Announce: snot 0.85a released]

Martin Roesch roesch at ...421...
Fri Apr 6 23:56:57 EDT 2001


Saw it, nice to be loved... :)

   -Marty

Fyodor wrote:
> 
> FYI :)
> 
> ----- Forwarded message from sniph <sniph00 at ...1688...> -----
> 
> From: sniph <sniph00 at ...1688...>
> Date:         Tue, 27 Mar 2001 02:20:50 -0800
> To: FOCUS-IDS at ...220...
> Subject:      Announce: snot 0.85a released
> Reply-To: sniph <sniph00 at ...1688...>
> 
> Announcing the release of snot 0.85a, a general
> purpose snort alert generator and all round nids decoy
> tool.
> 
> Download snot from http://www.geocities.com/sniph00
> 
> snot allows unix and windows users to trigger
> arbitrary snort alerts, by reading a snort rules file.
> source and destination addresses can be overridden at
> the command line, or read as input from the snort
> rules. It requires libnet to be installed, and on
> windows also the pcap driver from Politecnico di
> Torino. Read the readme.txt for more information.
> 
> This tool has been known to annoy your system
> administrator, fill peoples hard disks, make it
> terribly frustrating to identify attackers, and kill
> realsecure sensors.
> 
> It is alpha code, and whilst it has been tested to run
> cleanly on nt4, nt2k, redhat and openbsd, it still has
> bugs - if you find them, i'll try and fix them.
> 
> If anyone has any mechanisms for getting the triggers
> out of realsecure, NetworkICE, or any other NIDS,
> please mail me.
> 
> How is the NIDS industry going to fix this? Stateful
> inspection for tcp.. NIDS behind firewall.. make
> triggers response based only.. only one thing is for
> sure, pattern matching is only part of the solution.
> 
> Please contact me for all suggestions, patches,
> comments or abuse at sniph00 at ...131...
> 
> thanks to 3rr0r for help getting this to market,
> Victoria Bitter for helping delay this, and that guy
> that wrote stick for beating me to the punch.
> 
> __________________________________________________
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail.
> http://personal.mail.yahoo.com/?.refer=text
> 
> ----- End forwarded message -----
> 
> --
> http://www.notlsd.net
> PGP fingerprint = 56DD 1511 DDDA 56D7 99C7  B288 5CE5 A713 0969 A4D1
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list