[Snort-users] Test Snort with real attacks\packets

Joel Esler eslerj at ...11827...
Mon Feb 9 10:28:35 EST 2009


Sneeze nor Snot work.
J

On Mon, Feb 9, 2009 at 10:21 AM, Ryan Jordan <ryan.jordan at ...1935...>wrote:

> Richard, your last link isn't working for me. It still asks for
> registration.
>
> Itay: Sneeze is incredibly out of date. Also, it tries to generate false
> positives based on your rules. This would just test whether or not your
> rules are able to be triggered. It wouldn't help you test against actual
> exploits.
>
> To answer your second question, I've heard good things about Metasploit.
> http://www.metasploit.com/
>
> -Ryan
>
>
> On Sun, Feb 8, 2009 at 3:19 PM, Richard Bejtlich <taosecurity at ...11827...>wrote:
>
>> Hello,
>>
>> http://www.google.com/search?q=how+to+test+snort
>>
>> First result:
>>
>>
>> http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1266313,00.html
>>
>> Without registration:
>>
>>
>> http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1266313_mem1,00.html
>>
>> Sincerely,
>>
>> Richard
>>
>> On Sun, Feb 8, 2009 at 4:18 AM, Itay Dagan <itay at ...14513...> wrote:
>> > Hi
>> > I need an advise with Snort testing ...
>> >
>> > I am interested on checking my snort in the best way that I can.
>> >
>> > I have a my own environment for  snort
>> > which I add rules of my own etc.
>> >
>> > At first I was trying to use sneeze in order to check all the rules
>> >
>> > My first Q is :
>> > Is it possible to use sneeze from a different PC in the network ? (in
>> snort ver 2.4-2.8)
>> > I tried it but it seems sneeze doesn't create any packets.
>> > Maybe sneeze is for older snort versions ?
>> >
>> >
>> > My second Q is :
>> > Is there a site or a data base that contains links to Snort attacks so I
>> can check my environment ?
>> > It can be really nice to create a "Lab" for snort that checkes all sort
>> of real attacks
>> >
>> > appreciate your help
>> >
>> > Itay
>> >
>> >
>> ------------------------------------------------------------------------------
>> > Create and Deploy Rich Internet Apps outside the browser with
>> Adobe(R)AIR(TM)
>> > software. With Adobe AIR, Ajax developers can use existing skills and
>> code to
>> > build responsive, highly engaging applications that combine the power of
>> local
>> > resources and data with the reach of the web. Download the Adobe AIR SDK
>> and
>> > Ajax docs to start building applications today-
>> http://p.sf.net/sfu/adobe-com
>> > _______________________________________________
>> > Snort-users mailing list
>> > Snort-users at lists.sourceforge.net
>> > Go to this URL to change user options or unsubscribe:
>> > https://lists.sourceforge.net/lists/listinfo/snort-users
>> > Snort-users list archive:
>> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>> >
>>
>>
>> ------------------------------------------------------------------------------
>> Create and Deploy Rich Internet Apps outside the browser with
>> Adobe(R)AIR(TM)
>> software. With Adobe AIR, Ajax developers can use existing skills and code
>> to
>> build responsive, highly engaging applications that combine the power of
>> local
>> resources and data with the reach of the web. Download the Adobe AIR SDK
>> and
>> Ajax docs to start building applications today-
>> http://p.sf.net/sfu/adobe-com
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>
>
>
>
> ------------------------------------------------------------------------------
> Create and Deploy Rich Internet Apps outside the browser with
> Adobe(R)AIR(TM)
> software. With Adobe AIR, Ajax developers can use existing skills and code
> to
> build responsive, highly engaging applications that combine the power of
> local
> resources and data with the reach of the web. Download the Adobe AIR SDK
> and
> Ajax docs to start building applications today-
> http://p.sf.net/sfu/adobe-com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



-- 
Joel Esler
http://www.joelesler.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20090209/ac038d39/attachment.html>


More information about the Snort-users mailing list