[Snort-users] false positive generator

Ravi ravivsn at ...9637...
Tue Feb 10 20:44:05 EST 2004


Hi Matt and All,
 I ran Nessus on Snort including NIDS evasion techniques. I did get so 
many alerts; I don't think all of them are false positives.
Most of them fall under the category of Bad traffic and a few are 
exploits.
I wonder how you ran Nessus on the victim machine. Is the Hydra plugin 
working with Nessus? I would also like to know how you enabled the NIDS 
evasion techniques of Nikto with Nessus. Just trying to clarify that what I 
did is correct. :)

About the false positive generator, I developed a tool at home which 
generated a lot of false positives in Snort. I would like to release it 
next month after I finish writing a good makefile and other docs.

Cheers,
-Ravi
Rendezvous On Chip (I) Pvt Ltd
http://www.rocsys.com


Matt Kettler wrote:

> At 01:39 PM 2/10/2004, Peggy Kam wrote:
>
>> I am currently using snort-2.1.1-RC1 and am trying to use sneeze to 
>> generate some false positives.  However, it does not seem to work at 
>> all (as mentioned previously).  Does anyone know if there's another 
>> false positive generator out there?
>
>
> Well, if anyone knows something that's a false positive, let the snort 
> developers know so they can fix it ASAP.
>
> Are you really trying to generate _false_ positives, or just generate 
> alerts? Not all alerts require an actual overflow to occur..
>
> A nessus safe-mode scan should fire off at least a few alerts, 
> although I'll admit I haven't tried it recently.