[Snort-users] signature testing (win32)

Erek Adams erek at ...577...
Wed Sep 11 10:54:01 EDT 2002


On Wed, 11 Sep 2002, netsec novice wrote:

> Have SNORT/ACID set up and would like to verify that I'm detecting traffic
> on required subnets.  I have seen reference to a tool called 'sneeze' that
> will generate false alarms but I have not been able to find it.  Is there
> another way I can verify my setup by creating alerts that won't be
> destructive?

Make your life really simple.  Just have a rule that fires on a ping.  Then
ping a box on that net and you should have an alert.  No need to get other
programs, etc...  The simpler you keep it, the better off you are.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list