[Snort-users] pcaps for triggering rules

Pratik Narang pratik.cse.bits at ...11827...
Fri Aug 24 03:38:07 EDT 2012


Yes, same experience at my end. The tools surely sounds interesting...

On Fri, Aug 24, 2012 at 12:56 PM, Tony Robinson
<deusexmachina667 at ...11827...> wrote:
> Hm... I just looked for rules2alerts tool via google search and wasn't able
> to find it, with quotation marks and all. I consider my google-fu decent,
> but there's a chance I could be completely off base here and not searching
> for the right thing.
>
> I'm interested in this tool -- could you provide a link for it? copied the
> mailing list because this could be useful to everyone here.
>
> Thanks!
>
> -Tony/da667
>
>
> On Fri, Aug 24, 2012 at 3:15 AM, Gmail Personal <mainmen1985 at ...11827...>
> wrote:
>>
>> Pratik,
>>
>> Google for "rules2alerts". As long as your rules are currently in the
>> Emerging Threats or sourcefire rule set, you can just create a custom rule
>> set with the rules you want to test, run rules2alerts and you're set
>>
>> If you want specific rules from your local.rules set, then I suggest
>> Scapy, too
>>
>> That might do the job
>>
>> Emeka Agu | Sent from  iPad
>>
>> On 24 Aug 2012, at 07:26, Pratik Narang <pratik.cse.bits at ...11827...> wrote:
>>
>> Dear Snort users,
>>
>> A good deal of Snort rules do a 'content' check.
>> Can I use some utility so that I may be able to craft or tamper
>> packets just to suit them to trigger Snort rules of my choice?
>> Essentially, I guess, I am asking if I can create sample pcaps or
>> modify actual pcap captures which will trigger certain rules.
>>
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest Snort
>> news!
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest Snort
>> news!
>
>
>
>
> --
> when does reality end? when does fantasy begin?




More information about the Snort-users mailing list