[Snort-users] Way to generate alerts?

Giles Coochey giles at ...9346...
Thu Jan 17 11:48:31 EST 2013


On 10/01/2013 22:46, Matthew Van Gent wrote:
>
> administrator at ...16039...:~$ curl testmyids.com
>
> uid=0(root) gid=0(root) groups=0(root)
>
> administrator at ...16039...:~$
>
> I do not see any alerts in snortreport.
>
>
Which implies that the test has failed?

Another good test is to download a PCAP from one of these locations: 
http://code.google.com/p/security-onion/wiki/Pcaps

and using tcpreplay to fire them into your wires.

-- 
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
giles at ...9346...

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130117/54de0cd0/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4968 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130117/54de0cd0/attachment.bin>


More information about the Snort-users mailing list