Snort mailing list archives
Re: how to test snort rules?
From: Kevin Ross <kevross33 () googlemail com>
Date: Tue, 8 Feb 2011 12:38:14 +0000
You could also look at openpacket.org and set snort to read the packet in (make sure you haven't set your $HOME_NET variable and to test it so it will fire on any IP, though in practice you should have your $HOME_NET set and then EXTERNAL_NET !HOME_NET so it considers everything else non-internal).

I would also advise using the emergingthreats snort rules (google them) for some free rules which cover a lot of malware, command and control, known hostile IP addresses, exploits, scanners and so on. You could also look on sites like exploit-db.com for vulnerabilities which are covered to test them from another system.

Regards,
Kevin

On 8 February 2011 09:29, anvin igcar <avigcar () gmail com> wrote:
Dear members,

I am new to snort and I installed it on my Fedora 12 system. SNORT is running properly and I am using BASE to view snort alerts. I want to know how to test snort rules, I want to test my running snort before deploying it. Is there any software which would do this?

Thanks

------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
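The pcap replay described in the reply above, as an added example that is not part of the original thread: a throwaway config with HOME_NET left at "any", one local rule, and a per-rule alert count. It assumes Snort 2.9.x config syntax; the file names, the sample rule and sid 1000001 are constructed for illustration.

```shell
#!/bin/sh
# Added example: replay a capture through Snort with a test-only config.

# Write a minimal config and one local rule into directory $1.
write_test_conf() {
    dir=$1
    mkdir -p "$dir"
    # Test only: HOME_NET "any" lets rules fire whatever addresses the
    # capture contains. In production set HOME_NET to the internal ranges
    # and EXTERNAL_NET to !$HOME_NET.
    cat > "$dir/snort-test.conf" <<EOF
ipvar HOME_NET any
ipvar EXTERNAL_NET any
include $dir/local.rules
EOF
    # Constructed sample rule; quoted heredoc keeps $HOME_NET literal.
    cat > "$dir/local.rules" <<'EOF'
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"LOCAL test rule - HTTP GET"; content:"GET "; depth:4; sid:1000001; rev:1;)
EOF
}

# Replay pcap $2 with config $1; alerts go to stdout in "fast" format.
# -K none: write no log files; -k none: ignore bad checksums, which are
# common in captures taken on hosts with checksum offload.
replay_pcap() {
    command -v snort >/dev/null 2>&1 || { echo "snort not found" >&2; return 127; }
    snort -q -A console -K none -k none -c "$1" -r "$2"
}

# Count console alert lines on stdin for text-rule sid $1 (generator id 1).
count_alerts() {
    grep -c "\[1:$1:" || true
}

# Usage: sh replay-test.sh capture.pcap   (prints the alert count for the rule)
if [ "$#" -eq 1 ]; then
    workdir=$(mktemp -d)
    write_test_conf "$workdir"
    replay_pcap "$workdir/snort-test.conf" "$1" | count_alerts 1000001
fi
```

A count of 0 on a capture known to contain matching traffic points at the rule or the variables rather than at the sensor; swap in the production HOME_NET and replay again to confirm the rule still fires in the intended direction.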
Current thread:
- how to test snort rules? anvin igcar (Feb 08)
- Re: how to test snort rules? Ray Caparros (Feb 08)
- Re: how to test snort rules? phillip () bailey st (Feb 08)
- Re: how to test snort rules? Kevin Ross (Feb 08)
- Re: how to test snort rules? Matt Olney (Feb 08)
- Re: how to test snort rules? Fraser, Hugh (Feb 09)
- Re: how to test snort rules? Matt Olney (Feb 08)
- Re: how to test snort rules? anvin igcar (Feb 08)
- Re: how to test snort rules? Matthew Jonkman (Feb 09)
- Re: how to test snort rules? Matt Olney (Feb 09)
- Re: how to test snort rules? Matthew Jonkman (Feb 09)
- Re: how to test snort rules? Matt Olney (Feb 08)
- Re: how to test snort rules? waldo kitty (Feb 09)