Snort mailing list archives
Re: Help to run snort on linux machine
From: "Adam Richards" <adam.richards () ecimln com>
Date: Wed, 7 Apr 2010 08:08:30 -0500
On the attacking host, create a packet by first putting the desired payload into a text file.

    vi payload.txt

    AAAAAAAAAAAAAAAAAAAAAAAAA

Then create the packet with the following properties and send it to 192.168.1.22 (or whatever your host is): set PUSH tcp flag, interface eth0, source port 2424 destination port 81, packet body size 26 and packet data from file payload.txt

    hping3 -P -I eth0 -s 3434 -p 81 -d 26 -E ./payload.txt 192.168.1.1

(or whatever another host on your network is)

On the SNORT host "tail -f /var/log/snorttest/alert" shows that SNORT has been alerted through rule 1394 (sid) which is exactly the one we wanted to test:

Adam Richards, CISSP | CEH

From: Joel Esler [mailto:joel.esler () me com]
Sent: Wednesday, April 07, 2010 7:45 AM
To: Alan Ptak
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Help to run snort on linux machine

I agree, Metasploit is the best way to test snort, however, let's be clear that Metasploit is not an IDS testing tool. It's an exploitation and vulnerability testing tool.

--
Sent from my iPad

On Apr 7, 2010, at 2:58 AM, Alan Ptak <alan.ptak () gmail com> wrote:

Metasploit ftw! Nessus and nmap will also generate a good number of snort alerts with a typical set of rules. Choose your targets carefully :-)

2010/4/6 Edward Bjarte Fjellskål <edward.fjellskal () redpill-linpro com>

sri harsha wrote:
> Thanks for the quick response.
>
> Does anybody know any tool which generates attack packets which are
> stateful in nature and I can use that tool to test snort? I mean it
> establishes the TCP connection and then send attack packets?

Check out the awesome metasploit framework :)
http://www.metasploit.com/
Beware, this may exploit the targets if they are vulnerable! :)

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Alan Ptak
alan.ptak () gmail com
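Added example, not part of the original message or of Snort itself: a small Python check for the last step of the procedure above, confirming from the alert file that sid 1394 fired for the crafted packet (source port 3434, destination port 81, as in the hping3 command). It assumes Snort writes single-line alerts (-A fast) with IPv4 addresses; the sample lines, their rule messages, source addresses and sid 1000001 are constructed.

```python
import re
from typing import Iterable, Iterator, List, NamedTuple, Optional

# Fast-mode layout: timestamp [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

class Alert(NamedTuple):
    ts: str
    sid: int
    msg: str
    proto: str
    src: str
    sport: Optional[int]  # None for portless protocols such as ICMP
    dst: str
    dport: Optional[int]

def parse_alerts(lines: Iterable[str]) -> Iterator[Alert]:
    """Yield one Alert per well-formed fast-mode line; skip anything else."""
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if not m:
            continue
        port = lambda name: int(m[name]) if m[name] else None
        yield Alert(m["ts"], int(m["sid"]), m["msg"], m["proto"],
                    m["src"], port("sport"), m["dst"], port("dport"))

def find_test_alert(lines: Iterable[str], sid: int, sport: int, dport: int) -> List[Alert]:
    """Return alerts for `sid` whose TCP ports match the crafted test packet."""
    return [a for a in parse_alerts(lines)
            if a.sid == sid and a.proto == "TCP"
            and a.sport == sport and a.dport == dport]

# Constructed sample alert lines (not output from the original post).
SAMPLE = [
    "04/07-08:01:12.345678  [**] [1:1394:0] constructed rule message [**] "
    "[Classification: constructed] [Priority: 1] {TCP} 192.168.1.50:3434 -> 192.168.1.1:81",
    "04/07-08:01:13.000001  [**] [1:1000001:1] constructed ICMP message [**] "
    "[Priority: 2] {ICMP} 192.168.1.50 -> 192.168.1.1",
    "04/07-08:01:14.000002  [**] [1:1394:0] constructed rule message [**] "
    "[Priority: 1] {TCP} 10.0.0.9:40000 -> 192.168.1.1:80",
    "not an alert line",
]

if __name__ == "__main__":
    for hit in find_test_alert(SAMPLE, sid=1394, sport=3434, dport=81):
        print(f"{hit.ts} sid {hit.sid} {hit.src}:{hit.sport} -> {hit.dst}:{hit.dport}")
```

Matching on the ports as well as the sid separates the test packet from other traffic that happens to trip the same rule.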