Snort mailing list archives
Re: signature testing (win32)
From: Robby Desmond <rdesmond () els ucsb edu>
Date: Tue, 10 Sep 2002 17:10:09 -0700
At 12:06 AM 9/11/02 +0000, netsec novice wrote:
Have SNORT/ACID set up and would like to verify that I'm detecting traffic on required subnets. I have seen reference to a tool called 'sneeze' that will generate false alarms but I have not been able to find it. Is there another way I can verify my setup by creating alerts that won't be destructive?thanks
http://www.snort.org/docs/faq.html#4.18 4.18 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq-- Q: How do I test snort alerts and logging? A: Try a rule that will fire off all the time like: alert tcp any any -> any any (msg:"TCP traffic";)Also take a look at sneeze at http://snort.sourceforge.net/sneeze-1.0.tar Sneeze is a false positive generator that reads snort signatures and generates packets that will
trigger the rules. --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq-- To quote an amazingly useful resource. -Robby Robert Desmond Systems Administrator UCSB Extended Learning Services 805-893-4906 ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- signature testing (win32) netsec novice (Sep 10)
- Re: signature testing (win32) Matt Kettler (Sep 10)
- Re: signature testing (win32) Erek Adams (Sep 11)
- Re: signature testing (win32) Mark Villanova (Sep 15)
- Re: signature testing (win32) Robby Desmond (Sep 15)
- <Possible follow-ups>
- RE: signature testing (win32) Hicks, John (Sep 11)