FYI :)

----- Forwarded message from sniph <sniph00 at ...1688...> -----

From: sniph <sniph00 at ...1688...>
Date: Tue, 27 Mar 2001 02:20:50 -0800
To: FOCUS-IDS at ...220...
Subject: Announce: snot 0.85a released
Reply-To: sniph <sniph00 at ...1688...>

Announcing the release of snot 0.85a, a general-purpose
snort alert generator and all-round NIDS decoy.

Download snot from http://www.geocities.com/sniph00

snot allows Unix and Windows users to trigger
arbitrary snort alerts, by reading a snort rules file.
Source and destination addresses can be overridden at
the command line, or read as input from the snort
rules. It requires libnet to be installed, and on
Windows also the pcap driver from Politecnico di
Torino. Read the readme.txt for more information.

This tool has been known to annoy your system
administrator, fill people's hard disks, make it
terribly frustrating to identify attackers, and kill
realsecure sensors.

It is alpha code, and whilst it has been tested to run
cleanly on nt4, nt2k, redhat and openbsd, it still has
bugs - if you find them, I'll try and fix them.

If anyone has any mechanisms for getting the triggers
out of realsecure, NetworkICE, or any other NIDS,
please mail me.

How is the NIDS industry going to fix this? Stateful
inspection for tcp.. NIDS behind firewall.. make
triggers response based only.. only one thing is for
sure, pattern matching is only part of the solution.

Please contact me for all suggestions, patches,
comments or abuse at sniph00 at ...131...

Thanks to 3rr0r for help getting this to market,
Victoria Bitter for helping delay this, and that guy
that wrote stick for beating me to the punch.
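
The "stateful inspection for tcp" idea raised in the forwarded post, sketched as an added example that is not part of the original message and is not code from snot or snort: a content pattern raises an alert only inside a TCP flow whose three-way handshake the sensor observed, so a stray packet that merely carries a rule's pattern is ignored. The names `Segment`, `StatefulMatcher` and `demo`, the addresses and the pattern are all constructed for illustration.

```python
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    seq: int = 0
    ack: int = 0
    payload: bytes = b""

class StatefulMatcher:
    """Content alerts only inside a flow whose handshake was observed.
    Teardown, timeouts and in-window sequence checks are omitted."""

    def __init__(self, pattern):
        self.pattern = pattern
        self.flows = {}  # (client, cport, server, sport) -> [state, client_isn, server_isn]

    def feed(self, seg):
        fwd = (seg.src, seg.sport, seg.dst, seg.dport)
        rev = (seg.dst, seg.dport, seg.src, seg.sport)
        if seg.flags & SYN:
            if not seg.flags & ACK:
                self.flows[fwd] = ["SYN", seg.seq, None]
            else:
                flow = self.flows.get(rev)
                if flow and flow[0] == "SYN" and seg.ack == (flow[1] + 1) % 2**32:
                    flow[0], flow[2] = "SYNACK", seg.seq
            return False
        flow = self.flows.get(fwd)
        if flow and flow[0] == "SYNACK" and seg.ack == (flow[2] + 1) % 2**32:
            flow[0] = "EST"
        flow = flow or self.flows.get(rev)
        return bool(flow) and flow[0] == "EST" and self.pattern in seg.payload

def demo(pattern=b"EXAMPLE-SIGNATURE"):
    """Constructed traffic: a stray packet carrying the pattern, then a full session."""
    c, s = ("198.51.100.7", 4000), ("192.0.2.10", 80)
    m = StatefulMatcher(pattern)
    stray = m.feed(Segment(*c, *s, ACK, 7, 7, b"GET /" + pattern))
    m.feed(Segment(*c, *s, SYN, 100))
    m.feed(Segment(*s, *c, SYN | ACK, 500, 101))
    m.feed(Segment(*c, *s, ACK, 101, 501))
    return stray, m.feed(Segment(*c, *s, ACK, 101, 501, b"GET /" + pattern))
```

`demo()` returns `(False, True)`: the stray packet is dropped without an alert, while the same payload inside the completed session still fires.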

