[Snort-users] Snort testing with Snot

Kelly Mandrake atapi103 at ...125...
Thu Oct 3 13:45:10 EDT 2002


Hi, I have tested snort in sniffer mode, and packet logging mode, with 
sucess.  I would like to generate some alerts in IDS mode so I can determine 
if it is working corectly.

Upon researching I determined that snot can cause these alerts, however 
useing the FAQ for snort, I also determined that preprocessor stream4 
prevents snot atacks.

- I am running Windows 98 SE, Ver: 4.10.2222
- with snort Ver: 1.8.7 beta5-ODBC-Win32 (build 128) for Windows

I used snot to send 2 random atacks
source: 24.x.x.x/32
dest:   24.x.x.x/32

Snot reported the sending of both atacks, however upon viewing Alert.ids, it 
was empty....

I have two questions:

1) Is my alert.ids file empty because stream4 blocked the snot atacks?
2) Is there some way I can generate alerts for Snot, from my computer?  I 
only have one computer, thus it is not possible for me to use another 
computer to launch my atacks.

_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com





More information about the Snort-users mailing list