IDS mailing list archives

Tools like Snot


From: shyaam () gmail com
Date: 17 Feb 2008 03:18:34 -0000

PS: Kindly, excuse my ignorance. 

Snot is one tool that I just read about, which simulates DoS for testing Snort signatures. I was unable to download 
Snot from the geocities link given in the SecurityFocus tools listing.

My question is:
Case 1:
Are there any tools that take in the Snort rules or some other rule sets, identify the traffic direction, ports 
etc., and then generate a payload that simulates the content/uricontent along with all the conditions that might 
satisfy a signature listed in the particular IDS/IPS, to test if it is enabled or disabled, based on how it triggers?

Case 2:
If case one already exists, has anyone written something that does not just find whether a signature triggers for one 
particular case, but also finds the boundary conditions for the combinations in a single signature (within PCRE, 
a combination of PCRE and content, and all other possible combinations)? In other words, test for various possibilities.

Case 3: 
If both case 1 and case 2 exist, can this be used to combine more than one signature in your rule set into one 
effective signature?

I am preparing for some exam and I was reading up on Snot. I just got these questions in my mind incidentally. Thank 
you for your time :-)

Kind Regards,
Shyaam

PS: Kindly, excuse my ignorance.
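
The idea in Case 1, sketched as an added example (not part of the original post and not code from Snot or Snort): parse one rule, pull out protocol, direction and ports, and lay out the positive content matches as a test payload. The sample rule is constructed, and only `content`, `offset` and `distance` are handled; `pcre`, `uricontent` and the other options are assumed out of scope.

```python
import re

# Constructed sample rule for illustration; not taken from any real rule set.
SAMPLE_RULE = ('alert tcp $EXTERNAL_NET any -> $HOME_NET 80 '
               '(msg:"constructed test rule"; content:"GET "; depth:4; '
               'content:"/test|2e|cgi"; distance:0; content:!"safe"; sid:1000001;)')

HEADER = re.compile(r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$', re.S)
OPTION = re.compile(r'\s*(\w+)\s*(?::\s*(!?"(?:[^"\\]|\\.)*"|[^;]*))?;')

def decode_content(text):
    """Convert a content string, including |hex| sections, to raw bytes."""
    out, in_hex = b"", False
    for part in text.split("|"):
        if in_hex:
            out += bytes.fromhex(part.replace(" ", ""))
        else:
            out += re.sub(r'\\(.)', r'\1', part).encode("latin-1")
        in_hex = not in_hex
    return out

def parse_rule(rule):
    """Extract protocol, direction, ports and content matches from one rule."""
    m = HEADER.match(rule.strip())
    if not m:
        raise ValueError("unrecognised rule header")
    _action, proto, src, sport, direction, dst, dport, body = m.groups()
    contents = []
    for name, value in OPTION.findall(body):
        value = value.strip()
        if name == "content":
            contents.append({"bytes": decode_content(value.lstrip("! ")[1:-1]),
                             "negated": value.startswith("!"), "offset": 0, "distance": None})
        elif name in ("offset", "distance") and contents:
            contents[-1][name] = int(value)
    return {"proto": proto, "src": src, "sport": sport, "direction": direction,
            "dst": dst, "dport": dport, "contents": contents}

def build_payload(parsed, filler=b"A"):
    """Lay out the positive content matches in rule order, padded with filler."""
    payload = b""
    for c in parsed["contents"]:
        if c["negated"]:
            continue  # must be absent from the payload; the filler must not contain it
        if c["distance"] is not None:
            pad = max(0, c["distance"])               # relative to the previous match
        else:
            pad = max(0, c["offset"] - len(payload))  # absolute position in the payload
        payload += filler * pad + c["bytes"]
    return payload
```

The bytes returned by `build_payload(parse_rule(SAMPLE_RULE))` would be sent in the direction and to the port the parsed header gives, on a lab segment the sensor monitors, to see whether the signature is enabled.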


