[Snort-users] pcaps for triggering rules

Joel Esler jesler at ...1935...
Fri Aug 24 11:05:41 EDT 2012


Metasploit modules are labeled by CVE.  We include CVE references in all the rules.

Best advice I can give you.

On Aug 24, 2012, at 10:47 AM, Pratik Narang <pratik.cse.bits at ...11827...> wrote:

> eh...how about something with which I might be able to generate alerts
> for the rules I want?
> Metasploit is indeed a very powerful and useful tool for the purpose I
> have listed, but I guess I don't have that kind of experience to use it
> in a controlled fashion. I mean - how will I know what attack to use
> to trigger which alert?
> 
> And, when I wrote below "what other option do I have to do some
> testing with Snort rules", my intention was that if content checks are
> not well suited for this purpose of testing rules, what other options
> I have in Snort.
> 
> On Fri, Aug 24, 2012 at 7:05 PM, Joel Esler <jesler at ...1935...> wrote:
>> On Aug 24, 2012, at 9:14 AM, Pratik Narang <pratik.cse.bits at ...11827...>
>> wrote:
>> 
>> That is an interesting piece of information for me. So if 'content'
>> checks are for "very specific malware" downloads, what other option do
>> I have to do some testing with Snort rules?
>> 
>> 
>> How about Metasploit?
>> 
>> --
>> Joel Esler
>> Senior Research Engineer, VRT
>> OpenSource Community Manager
>> Sourcefire
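
Added example, not part of the original thread and not Snort or Sourcefire tooling: because the rules carry CVE references, a rules file can be indexed by its `reference:cve,...` options to see which SIDs should alert for a given CVE and which rules have no CVE to test against. The rules, SIDs and CVE ids below are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample rules: messages, SIDs and CVE ids are placeholders.
SAMPLE_RULES = r'''
# local.rules (constructed)
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"EXAMPLE smb probe; constructed"; content:"|FF|SMB"; reference:cve,0000-0001; reference:url,example.com/a; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE http request"; content:"reference:cve,0000-9999\;"; reference:cve,0000-0001; reference:cve,0000-0002; sid:1000002; rev:3;)
alert udp any any -> any 53 (msg:"EXAMPLE no cve reference"; content:"abc"; sid:1000003; rev:1;)
'''

def split_options(body):
    """Split a rule's option body on ';', skipping quoted strings and escaped semicolons."""
    opts, cur, in_quote, i = [], [], False, 0
    while i < len(body):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):   # keep escape pairs intact
            cur.append(body[i:i + 2])
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            opts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    opts.append("".join(cur).strip())          # tolerate a missing final ';'
    return [o for o in opts if o]

def cve_index(rules_text):
    """Return ({cve_id: [sid, ...]}, [sids that carry no CVE reference])."""
    by_cve, no_cve = defaultdict(list), []
    for line in rules_text.splitlines():
        # action + header, then the parenthesised option body; '#' lines never match
        m = re.match(r'^[a-z]+\s[^()]*\((.*)\)\s*$', line.strip())
        if not m:
            continue
        sid, cves = None, []
        for opt in split_options(m.group(1)):
            key, _, val = opt.partition(":")
            if key.strip() == "sid":
                sid = int(val)
            elif key.strip() == "reference":
                system, _, ident = val.partition(",")
                if system.strip().lower() == "cve":
                    cves.append("CVE-" + ident.strip())
        if sid is None:
            continue
        for cve in cves:
            by_cve[cve].append(sid)
        if not cves:
            no_cve.append(sid)
    return dict(by_cve), no_cve
```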
