[Snort-users] Test Snort with real attacks\packets

Ian Masters ian at ...12163...
Mon Feb 9 20:16:11 EST 2009

Joel Esler wrote:
> Many of our rules are written to vulnerability, not exploit.  Nessus 
> mostly checks for presence of vulnerability (banner checking) or ability 
> to exploit.  Many times Nessus won't trigger Snort.
> Metasploit, being an actual exploitation method, will.

Sorry, yet again my mail didn't go to the list, only the OP.

I threw a default Nessus scan against a vanilla snort sensor yesterday
and it produced 148 alerts in a 10 minute interval.

I've not used Metasploit (yet).


More information about the Snort-users mailing list