[Snort-users] signature testing (win32)

Erek Adams erek at ...577...
Wed Sep 11 10:54:01 EDT 2002

On Wed, 11 Sep 2002, netsec novice wrote:

> Have SNORT/ACID set up and would like to verify that I'm detecting traffic
> on required subnets.  I have seen reference to a tool called 'sneeze' that
> will generate false alarms but I have not been able to find it.  Is there
> another way I can verify my setup by creating alerts that won't be
> destructive?

Make your life really simple.  Just have a rule that fires on a ping.  Then
ping a box on that net and you should have an alert.  No need to get other
programs, etc...  The simpler you keep it, the better off you are.


Erek Adams

More information about the Snort-users mailing list