[Snort-users] how to test snort rules?

Kevin Ross kevross33 at ...14012...
Tue Feb 8 07:38:14 EST 2011

You could also look at openpacket.org and set snort to read the packet in
(make sure you haven't set your $HOME_NET variable to test it, so it will
fire on any IP, though in practice you should have your $HOME_NET set and
then EXTERNAL_NET !HOME_NET so it considers everything else non-internal). I
would also advise using the emergingthreats snort rules (Google them) for
some free rules which cover a lot of malware, command and control, known
hostile IP addresses, exploits, scanners and so on. You could also look on
sites like exploit-db.com for vulnerabilities which are covered, to test them
from another system.

Regards, Kevin

On 8 February 2011 09:29, anvin igcar <avigcar at ...11827...> wrote:

> Dear members
>   I am new to Snort and I installed it on my Fedora 12 system. SNORT is
> running properly and I am using BASE to view snort alerts. I want to know
> how to test snort rules; I want to test my running snort before deploying
> it.
> Is there any software which would do this?
> Thanks
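An added example, not part of the original thread or of any Snort project code: the reply above suggests reading a capture file into Snort, and when no suitable capture is at hand a one-packet pcap carrying a known marker can be generated and read in with Snort's `-r` option against a local rule that matches the marker. The addresses, ports, marker string, timestamp and file name are constructed assumptions.

```python
import struct

MARKER = b"snort-rule-test"  # constructed string for a local test rule to match

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Ethernet + IPv4 + TCP (PSH,ACK) frame with valid IP and TCP checksums."""
    s = bytes(int(x) for x in src.split("."))
    d = bytes(int(x) for x in dst.split("."))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    pseudo = s + d + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0, 64, 6, 0) + s + d
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    return eth + ip + tcp + payload

def build_pcap(frames, ts: int = 1000000000) -> bytes:
    """Classic libpcap file: 24-byte global header, then one record per frame."""
    # magic, version 2.4, zone, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out

def make_test_pcap() -> bytes:
    # RFC 5737 documentation addresses, so neither side is a real host
    req = b"GET /" + MARKER + b" HTTP/1.1\r\nHost: test.example\r\n\r\n"
    return build_pcap([build_frame("192.0.2.10", "198.51.100.20", 40000, 80, req)])

if __name__ == "__main__":
    with open("rule-test.pcap", "wb") as fh:  # constructed file name
        fh.write(make_test_pcap())
```

The capture holds a single data segment with no TCP handshake, so it suits a test rule that has no `flow:established` condition.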