Snort mailing list archives

Re: need some attacks to test snort


From: Joel Esler <joel.esler () sourcefire com>
Date: Sun, 22 Apr 2007 14:49:20 -0400

I know www.testmyids.com has worked for some people.


+---------------------------------------------------------------------+
Joel Esler                                         Security Consultant
     gpg key: http://demo.sourcefire.com/jesler.pgp.key
+---------------------------------------------------------------------+



On Apr 22, 2007, at 12:12 PM, Benjamin Small wrote:

Hi Fossil,

There are several ways to test snort and to debug issues. If you are
concerned that snort isn't seeing the traffic you wish to detect, then
you will want to tcpdump on the interface and initiate traffic between
the hosts you want to monitor. There are quite a few vulnerability
scanners you can use to test a snort sensor. This software can be
complicated and is a little overkill if you just want to ensure your
snort sensor is firing properly.

A great way to test snort's ability to fire a signature without having
to install a complicated vulnerability scanner is to use netcat and
telnet. Use netcat to initiate a listening port on a remote host, say
port 80. You can then telnet to the listener and feed it raw HTTP
protocol. For example, once connected feed it:

GET /etc/passwd HTTP/1.1<ENTER>
<ENTER>

Press enter instead of typing <ENTER>, but this will simulate a browser
requesting the /etc/passwd file on a webserver. This should fire
the /etc/passwd signature, confirming the sensor is operating correctly.

Regards,
Benjamin

On Friday 20 April 2007 02:08, Patrick S. Harper wrote:
Nessus will do that, he just mentioned that if you're currently
receiving ICMP alerts then you know Snort is running. You also might
look at metasploit.

-----Original Message-----
From: snort-users-bounces () lists sourceforge net
[mailto:snort-users-bounces () lists sourceforge net] On Behalf Of Fossil
Sent: Friday, April 20, 2007 12:43 AM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] need some attacks to test snort

Thank you Joel
Sure, I will try BASE. About the ICMP, ya that's true but I want to
study more about how these rules get fired and how attacks are made, so
I was looking for more attacks for my understanding and learning about
network security. So if you have more info regarding where I can
download those codes it will be more than helpful.
Best regards
fossil



Fossil,

#1 -- Don't use ACID, use BASE.  http://base.secureideas.net
#2 -- You can use something like nessus to make Snort alert to make
sure it's generating alerts; however, if you're already receiving ICMP
alerts, then you know it's working properly.

Joel

+---------------------------------------------------------------------+
Joel Esler                                         Security Consultant
     gpg key: http://demo.sourcefire.com/jesler.pgp.key
+---------------------------------------------------------------------+

On Apr 19, 2007, at 9:43 PM, Fossil wrote:
Hello everyone
I have installed snort and Acid.
Now I need some attacks - code by which I can check snort. I mean
some example code or script such that, by running it on another
machine, snort generates an alert.

Is there a site where I can download some attacks for testing
purposes? I have the ICMP or ping based attacks but I want other
ones. Is there a source where I can download that code?

Any help will be appreciated.
Thanks and regards
fossil


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
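
The netcat and telnet check described in Benjamin's quoted message, as an added example that is not part of the original thread. It is a Python stand-in for both tools; the function names `listen_once`, `send_probe` and `loopback_self_test` are hypothetical, and the loopback address and OS-chosen port are assumptions made so that it runs on one machine.

```python
import socket
import threading

# The request from the message, with each <ENTER> sent as CRLF.
PROBE = b"GET /etc/passwd HTTP/1.1\r\n\r\n"


def listen_once(server, received):
    """Stand-in for the netcat listener: accept one connection, keep its bytes."""
    try:
        conn, _ = server.accept()
    except OSError:  # nobody connected before the timeout
        return
    with conn:
        conn.settimeout(5)
        data = b""
        while not data.endswith(b"\r\n\r\n"):
            chunk = conn.recv(4096)
            if not chunk:
                break
            data += chunk
    received.append(data)


def send_probe(host, port):
    """Stand-in for the telnet session: connect and send the raw request.

    A listener must be present so the TCP handshake completes; otherwise the
    connection is refused and the request never reaches the wire.
    """
    with socket.create_connection((host, port), timeout=5) as client:
        client.sendall(PROBE)


def loopback_self_test():
    """Run listener and sender on 127.0.0.1; return the bytes the listener got."""
    received = []
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server:
        server.settimeout(5)
        server.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
        server.listen(1)
        worker = threading.Thread(target=listen_once, args=(server, received))
        worker.start()
        send_probe(*server.getsockname())
        worker.join()
    return received[0] if received else b""


if __name__ == "__main__":
    print(loopback_self_test())
```

To exercise a real sensor, point `send_probe()` at a netcat listener on a host whose traffic crosses the monitored interface, since loopback traffic never reaches a sensor sniffing a physical interface. Then look for the /etc/passwd alert in the sensor's output.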


