[Snort-users] Help would be appreciated!

Charlie Egan chas5873 at ...11827...
Thu Jun 12 14:02:15 EDT 2014


Hi guys,

I've been playing around with Snort for a while now as a little project of
mine, and I'm doing my best to get the hang of writing rules for it. I'm
becoming more familiar with how signatures are made, and I'd like to begin
writing rules which aren't currently detected by Snort, even if they're
fairly simple ones.

Currently I'm using Snort as a sniffer on a Kali Linux VM, metasploit on
another Kali Linux VM, and Windows 2000 & XP as victim machines. I've been
looking for exploits on sites such as exploit db and 1337day, and I'm
trying to start with plain text protocols such as FTP and HTTP to make
writing the rules slightly easier for me (using basic regular expressions
and such).

If anybody could help me out it would be much appreciated, I've been trying
to get my head around writing a rule that's not currently detected for a
while now, and I'm not having much luck.

I'm not familiar with how these mailing lists work as well, so apologies if
this isn't the sort of thing I should be posting - I've looked quite
thoroughly for forums dedicated to Snort, and was hoping to find some good
ones, especially with sections for beginners, although haven't had any luck
as of yet.

Thanks for any help,

Charlie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140612/4e1274ee/attachment.html>


More information about the Snort-users mailing list