[Snort-users] Testing Snort functionality, or, how do I know if Snort really works?

JJC cummingsj at ...11827...
Wed Mar 6 13:19:19 EST 2013


http://global-security.blogspot.com/2008/01/how-do-i-know-if-my-snort.html

On Wed, Mar 6, 2013 at 11:11 AM, Ricky Huang <rhuang.work at ...11827...> wrote:
> Hello all,
>
> Following the abundant info/instructions on snort.org, I have set up Snort
> on my server with basic configurations, loaded the latest (registered user)
> Sourcefire-VRT rules, and it is currently running according to the "status"
> argument.
>
> Now for the very n00b question, how do I know Snort actually works?
>
> I meant is there a test intrusion suite that will run again a
> snort-protected server for validation?  How does one test to see if a rule
> established by Sourcefire is in fact, in effect?  It would not make sense
> for me to sit around waiting for attacks, right?
>
>
> I apologize if this seem like a noob question, but it is my first experience
> setting up IDS/IPS.
>
>
> Thanks in advance.
>
>
> ------------------------------------------------------------------------------
> Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
> Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
> endpoint security space. For insight on selecting the right partner to
> tackle endpoint security challenges, access the full report.
> http://p.sf.net/sfu/symantec-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!




More information about the Snort-users mailing list