[Snort-users] Help would be appreciated!

James Lay jlay at ...13475...
Thu Jun 12 17:47:21 EDT 2014


On Thu, 2014-06-12 at 20:25 +0000, Nicholas Mavis (nmavis) wrote:
> Charlie,
> 
> 
> Not a problem, however please keep all discussion on the list rather
> than direct e-mails.
> 
> 
> You can write rules for anything. The packet does not necessarily have
> to be malicious in order to work on your ability to write rules. Another
> good option would be to write rules for metasploit modules.
> 
> 
> Nick
> 
> 
> From: Charlie Egan <chas5873 at ...11827...>
> Date: Thursday, June 12, 2014 at 2:02 PM
> To: "snort-users at lists.sourceforge.net"
> <snort-users at lists.sourceforge.net>
> Subject: [Snort-users] Help would be appreciated!
> 
> 
> 
> Hi guys, 
> 
> I've been playing around with Snort for a while now as a little
> project of mine, and I'm doing my best to get the hang of writing
> rules for it. I'm becoming more familiar with how signatures are made,
> and I'd like to begin writing rules which aren't currently detected by
> Snort, even if they're fairly simple ones.
> 
> 
> 
> Currently I'm using Snort as a sniffer on a Kali Linux VM, metasploit
> on another Kali Linux VM, and Windows 2000 & XP as victim machines.
> I've been looking for exploits on sites such as exploit db and
> 1337day, and I'm trying to start with plain text protocols such as FTP
> and HTTP to make writing the rules slightly easier for me (using basic
> regular expressions and such). 
> 
> 
> 
> If anybody could help me out it would be much appreciated, I've been
> trying to get my head around writing a rule that's not currently
> detected for a while now, and I'm not having much luck. 
> 
> 
> 
> I'm not familiar with how these mailing lists work as well, so
> apologies if this isn't the sort of thing I should be posting - I've
> looked quite thoroughly for forums dedicated to Snort, and was hoping
> to find some good ones, especially with sections for beginners,
> although haven't had any luck as of yet. 
> 
> 
> 
> Thanks for any help,
> 
> 
> 
> Charlie
> 
> 


Also, the snort-sigs list is good for rule chit-chat as well, but I
don't think anyone's been chastised for posting sig-related stuff on this
list.

James