[Snort-users] false positive generator
ravivsn at ...9637...
Tue Feb 10 20:44:05 EST 2004
Hi Matt and All,
I ran Nessus on Snort including NIDS evasion techniques. I did get so
many alerts; I don't think all of them are false positives.
Most of them fall under the category of Bad traffic and few are the
I wonder how you ran Nessus on the victim machine. Is the Hydra plugin
working with Nessus? I would like to know how you enabled the NIDS
evasion techniques of Nikto with Nessus. Just trying to clarify that what I
did is correct. :)
About the false positive generator, I developed a tool at home which
generated a lot of false positives in Snort. I would like to release it
next month after I complete writing a good make file and other docs.
Rendezvous On Chip (I) Pvt Ltd
Matt Kettler wrote:
> At 01:39 PM 2/10/2004, Peggy Kam wrote:
>> I am currently using snort-2.1.1-RC1 and am trying to use sneeze to
>> generate some false positives. However, it does not seem to work at
>> all (as mentioned previously). Does anyone know if there's another
>> false positive generator out there?
> Well, if anyone knows something that's a false positive, let the snort
> developers know so they can fix it ASAP.
> Are you really trying to generate _false_ positives, or just generate
> alerts? Not all alerts require an actual overflow to occur..
> A nessus safe-mode scan should fire off at least a few alerts,
> although I'll admit I haven't tried it recently.