[Snort-users] Re: Testing snort

ro0tw0rm at ...131... ro0tw0rm at ...131...
Fri Sep 7 08:47:03 EDT 2001


You can go to this link which does a remote scan on your box.  I guess this
would only work if you already had the box in production.

http://www.security-protocols.com/nukeports-us.php


./og

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of
gary.smith at ...3189...
Sent: Friday, September 07, 2001 1:09 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Re: Testing snort


>What is the best (and easiest) way to test snort?
>I am using the ruleset from the snort downloads page (with the addition of
a
>ftp check for root login).
>i wan't to check the alert recording. (viewable via snortreport)

You could try running SNOT which generates packets based on SNORT rulesets,
this would allow you to test _all_ of your rules are being triggered.

http://www.sec33.com/sniph/

Its billed as an attack tool but it shoud give your probes a workout as well
;>

--Gary;


**********************************************************************
Information contained herein is the sole responsibility of the Individual
sending the message. No responsibility is admitted by Scottish Amicable
for any loss or damage incurred through use of the email. In addition, no
statement should be construed as giving investment advice within or
outside the United Kingdom.
An email reply to this address may be subject to interception or monitoring
for operational reasons or for lawful business practices.
*********************************************************************

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list