Snort mailing list archives

Re: signature testing (win32)


From: Robby Desmond <rdesmond () els ucsb edu>
Date: Tue, 10 Sep 2002 17:10:09 -0700

At 12:06 AM 9/11/02 +0000, netsec novice wrote:
Have SNORT/ACID set up and would like to verify that I'm detecting traffic on required subnets. I have seen reference to a tool called 'sneeze' that will generate false alarms but I have not been able to find it. Is there another way I can verify my setup by creating alerts that won't be destructive?

thanks

http://www.snort.org/docs/faq.html#4.18

4.18 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--
Q: How do I test snort alerts and logging?

A: Try a rule that will fire off all the time like:
        alert tcp any any -> any any (msg:"TCP traffic";)
Also take a look at sneeze at http://snort.sourceforge.net/sneeze-1.0.tar
Sneeze is a false positive generator that reads snort signatures and generates packets that will trigger the rules.
 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--


To quote an amazingly useful resource.
-Robby

Robert Desmond
Systems Administrator
UCSB Extended Learning Services
805-893-4906
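
Added example (not part of the original message or the Snort FAQ): with the FAQ's always-firing "TCP traffic" rule loaded, this script reads Snort fast-format alert lines and reports which required subnets have produced a test alert and which have not. It assumes alerts are also written to a text alert file in the fast format; the subnet list, the function names and the sample alert lines are constructed for illustration.

```python
import ipaddress
import re

# Matches the tail of a Snort "fast" alert line:
#   ... [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)?"
)

def subnet_coverage(alert_lines, required_subnets, test_msg="TCP traffic"):
    """Return {subnet: count} of test-rule alerts touching each subnet."""
    nets = [ipaddress.ip_network(s) for s in required_subnets]
    counts = {str(n): 0 for n in nets}
    for line in alert_lines:
        m = ALERT_RE.search(line)
        if not m or m.group("msg") != test_msg:
            continue  # unparsable line, or an alert from a different rule
        addrs = {ipaddress.ip_address(m.group("src")),
                 ipaddress.ip_address(m.group("dst"))}
        for n in nets:
            if any(a in n for a in addrs):
                counts[str(n)] += 1
    return counts

def missing_subnets(counts):
    """Subnets for which the test rule never fired."""
    return sorted(s for s, c in counts.items() if c == 0)

# Constructed sample alerts (not from a real sensor).
SAMPLE_ALERTS = [
    "09/10-17:10:09.120001  [**] [1:0:0] TCP traffic [**] {TCP} 192.168.10.5:1045 -> 192.168.20.9:80",
    "09/10-17:10:09.480113  [**] [1:0:0] TCP traffic [**] {TCP} 192.168.10.7:1051 -> 10.1.1.1:25",
    "09/10-17:10:10.002914  [**] [1:1000002:1] Some other rule [**] [Priority: 2] {ICMP} 192.168.30.4 -> 192.168.10.5",
    "garbled line that is not an alert",
]
# Constructed list of subnets the sensor is supposed to see.
REQUIRED = ["192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24"]

if __name__ == "__main__":
    cov = subnet_coverage(SAMPLE_ALERTS, REQUIRED)
    for net, n in cov.items():
        print(f"{net:18} {n} test alert(s)")
    print("no test alerts seen for:", missing_subnets(cov) or "none")
```

A subnet that stays at zero while hosts on it are known to be sending TCP traffic points to a sensor placement, span port or interface problem rather than a rule problem.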


