[Snort-users] pcaps for triggering rules

Pratik Narang pratik.cse.bits at ...11827...
Fri Aug 24 10:47:30 EDT 2012


eh...how about something with which i might be able to generate alerts
for the rules i want'?
Metasploit is indeed a very powerful and useful tool for the purpose i
have listed, but i guess i dont have that kind of experience to use it
in a controlled fashion. I mean - how will i know what attack to use
to trigger which alert???

And, when i wrote below that " what other option do I have to do some
testing with Snort rules", my intention was that if content checks are
not well suited for this purpose of testing rules, what other options
I have in Snort.

On Fri, Aug 24, 2012 at 7:05 PM, Joel Esler <jesler at ...1935...> wrote:
> On Aug 24, 2012, at 9:14 AM, Pratik Narang <pratik.cse.bits at ...11827...>
> wrote:
>
> That is an interesting piece of information for me. So if 'content'
> checks are for "very specific malware" downloads, what other option do
> I have to do some testing with Snort rules?
>
>
> How about metasploit?
>
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire




More information about the Snort-users mailing list