[Snort-users] Testing Snort

Seth Art sethsec at ...11827...
Wed Apr 29 09:54:16 EDT 2009


Ana,

> second point, I have to configure a port mirroring in the switch to reflect
> traffic to the port which my Snort is installed,
> I did it but just from one port source to destination port (Cisco switch:
> Catalyst 2960)
>
> when I tried more than source port, it doesn't work

Some switches only support a 1-1 mirror. Not sure about the 2950.
Just find the port on that switch that connects to your upstream
router/firewall/core switch, and mirror THAT to the IDS. You will
miss traffic going from host1 to host2 if both of them are on
the 2950, but you will see either of them talking to anyone that is
NOT on that switch. This is usually enough for most situations.

> it's running good, now I have to test intrusion and attacks
> can you help me, guide me??

Run Metasploit or even Nessus on the hosts attached to the 2950 (from
a machine NOT attached to the 2950), and you should be able to see
tons of attacks.


-Seth

On Wed, Apr 29, 2009 at 12:56 AM, -AnaS- _____ <pxxanasxxq at ...125...> wrote:
> Hello everyone,
> I am very happy to post you this email, this is my first time,
>
> I have installed Snort, Apache server, MySQL database, and the interface
> "BASE"
>
> it's running good, now I have to test intrusion and attacks
> can you help me, guide me??
>
> I already tested scan.  I should test "ARP spoofing" and "ARP flooding" and
> others...
>
> second point, I have to configure a port mirroring in the switch to reflect
> traffic to the port which my Snort is installed,
> I did it but just from one port source to destination port (Cisco switch:
> Catalyst 2960)
>
> when I tried more than source port, it doesn't work
>
> Thank you very much
>
>
>
> A.i.A
>
>
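
Added example, not part of the original thread: a small Python check of what the sensor actually sees once the uplink port is mirrored, run over Snort fast-alert lines. The host addresses, test-rule SIDs and sample alert lines are constructed assumptions, and it presumes a test rule that alerts on traffic in both directions.

```python
import re
from collections import defaultdict

# Constructed assumption: addresses of the hosts plugged into the access switch.
SWITCH_HOSTS = {"192.168.1.10", "192.168.1.11"}

# Snort fast-alert lines end with "{PROTO} src[:port] -> dst[:port]".
FLOW_RE = re.compile(
    r"\{(?P<proto>\w+)\}\s+(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s*$"
)

# Constructed sample alerts (not taken from the thread).
SAMPLE_ALERTS = """\
04/29-09:54:16.100000  [**] [1:1000001:1] TEST icmp [**] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.10
04/29-09:54:16.200000  [**] [1:1000001:1] TEST icmp [**] [Priority: 3] {ICMP} 192.168.1.10 -> 10.0.0.5
04/29-09:54:17.300000  [**] [1:1000002:1] TEST tcp [**] [Priority: 3] {TCP} 10.0.0.5:40000 -> 192.168.1.11:80
"""


def mirror_coverage(alert_text, switch_hosts):
    """Summarise which traffic directions the sensor saw for each switch host."""
    seen = defaultdict(set)   # host -> subset of {"inbound", "outbound"}
    intra_switch = []         # flows where both endpoints sit on the switch
    for line in alert_text.splitlines():
        m = FLOW_RE.search(line)
        if not m:
            continue          # not a fast-alert line, skip it
        src, dst = m["src"], m["dst"]
        if src in switch_hosts and dst in switch_hosts:
            intra_switch.append((src, dst))
        elif src in switch_hosts:
            seen[src].add("outbound")
        elif dst in switch_hosts:
            seen[dst].add("inbound")
    return {
        # Seen in one direction only: check the mirror copies both rx and tx.
        "one_way": sorted(h for h in switch_hosts if len(seen[h]) == 1),
        # Never seen crossing the uplink at all.
        "unseen": sorted(h for h in switch_hosts if not seen[h]),
        # With only the uplink mirrored, host-to-host flows are not expected.
        "intra_switch": intra_switch,
    }


if __name__ == "__main__":
    print(mirror_coverage(SAMPLE_ALERTS, SWITCH_HOSTS))
```
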



