[Snort-users] testing snort

counter.spy at ...348...
Sun Jun 16 10:06:02 EDT 2002


>hiii everybody
>

Hello,

>I am new to using snort. I have set up all my needed configuration....
>I now need to test it, so I downloaded two programs: "fragrouter", which I
>can't run on redhat 7.2, and snot, which has a problem with the type of my
>NIC "not prism 2 NIC" ???
>
>Are there other tools that test all or almost all the signatures
>that snort detects? For example, its input is a rule file that it will
>trigger ....
>
>Any help is appreciated ..... thanks in advance...
>

Well, there are a variety of good tools for IDS testing, but which of these
are the "right" tools depends on what you actually want to test.
Do you want to just get an idea about how snort works and reacts, do you
want to do benchmarks (which is a _very_ hairy issue and I would not claim
to be able to do that properly myself), or do you simply want to check if
all rules you configured are working properly?

I have used snot and other tools during my evaluations just in order to
learn something about the "look and feel" of snort and other IDSs and in
order to learn what things are really important when using an IDS in
practice (in comparison to what some theoretical papers tell us should be
important).

Stick, Snot and fragrouter and fragroute (there's a difference between those
last two) are good tools for testing functionality and reassembly issues as
well as statefulness.

You really should try to get those tools working on your system. From what I
know, this should be no real big problem.

Hope that helps,
Detmar

