Snort mailing list archives

Re: Snort Tests?


From: mulhern <mulhern () gmail com>
Date: Wed, 17 Jul 2013 12:04:54 -0400

Yes, Snort in its full glory is overkill for an embedded system.

But, essentially, I'm not doing this for me but for an open-source project
which will make this available to others. At some point it will be up to
Yocto users to decide whether and how to use Snort.

Your other suggestion to test the distribution from the outside using
Backtrack makes sense for a single individual. But, the Yocto project would
need to incorporate Backtrack into its testing tools using a source
distribution. Kali Linux, the new version of Backtrack, looks like it might
be a little more cooperative about that.

- mulhern

On Wed, Jul 17, 2013 at 11:14 AM, Keith A. Glass <salgak () speakeasy net> wrote:

Well, if you're looking to embed full-up testing, I'd think that was
overkill.  That, of course, will depend on the resources available to
your embedded system: I have little expertise there.   I'd think more
along the lines of maybe a customized test tool packaged separately.

Or just a suggested suite of tests from a standardized security
distribution, i.e. BackTrack, Helix, etc.

On Wed Jul 17 11:03 , mulhern  sent:

nmap scan is a good place to start.

More background: I'm setting up some security functionality for the Yocto
project (which is for embedded systems) and it won't be able to
include full functionality. It must all be open source, so VRT rules not
allowed and so forth. I need to target the functionality that it
will offer entirely under an open-source license.

Given that, what do you think?
Thanks!


On Wed, Jul 17, 2013 at 10:17 AM, Keith A. Glass <salgak () speakeasy net>
wrote:

On Wed Jul 17 10:02 , mulhern  sent:


Supposing you have Snort up and running, is there any set of available
standard tests that you can run to see if it is actually working?


Do a full-up nmap scan ?  If you want to do a wide spectrum test, there's
Metasploit (free) or Karollon (commercial)


Or find a friendly CEH and ask to borrow his course DVDs: we all have 4
or so DVDs worth of somewhat-dated hacking tools if they took the
official curriculum. . .
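One concrete way to answer the original question ("is Snort actually working?") without a full pentest distribution is a self-test: add a harmless local rule that matches a marker string, send that string across the monitored link to a host you own, and confirm the alert shows up in the sensor's fast-alert log. The script below is an added example written for this thread, not code from the thread's participants or from the Snort project. It assumes a rule in `local.rules` with a made-up sid (1000001, in the local range), a constructed `alert_fast` log, and that the marker traffic is generated separately (for instance with `printf` piped to `nc` against your own test host).

```python
"""Self-test check for a Snort sensor (added example, not Snort project code).

Flow: (1) load SELFTEST_RULE into local.rules and restart Snort,
(2) send the marker string to a host on the monitored segment you own,
(3) parse the alert_fast log and confirm the self-test sid fired.
Only step (3) is implemented here; the log text is a constructed sample.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical local rule (sid 1000001 is in the local/private sid range).
# It matches a harmless marker, so it can be triggered on purpose.
SELFTEST_RULE = (
    'alert tcp any any -> any any (msg:"SNORT-SELFTEST canary"; '
    'content:"SNORT_SELFTEST_CANARY"; sid:1000001; rev:1;)'
)

# Constructed sample of "output alert_fast" lines; hosts and sids are invented.
SAMPLE_ALERT_FAST = (
    "07/17-11:03:12.123456  [**] [1:1000001:1] SNORT-SELFTEST canary [**] "
    "[Priority: 0] {TCP} 10.0.0.5:45210 -> 10.0.0.7:80\n"
    "07/17-11:03:13.000001  [**] [1:1000002:3] EXAMPLE other local rule [**] "
    "[Classification: Example Classification] [Priority: 2] {TCP} "
    "10.0.0.7:80 -> 10.0.0.5:45210\n"
    "this line is not an alert and must be skipped\n"
)


@dataclass
class Alert:
    timestamp: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: int
    proto: str
    src: str
    dst: str


# One alert_fast record: timestamp, [gid:sid:rev], msg, optional
# classification, priority, protocol, and src -> dst endpoints.
_FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?"
    r"\s+\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)


def rule_sid(rule: str) -> int:
    """Pull the sid out of a rule line so the check and the rule stay in sync."""
    m = re.search(r"\bsid:\s*(\d+)\s*;", rule)
    if not m:
        raise ValueError("rule has no sid option")
    return int(m.group(1))


def parse_alert_fast(text: str) -> List[Alert]:
    """Parse alert_fast output; lines that are not alert records are skipped."""
    alerts: List[Alert] = []
    for line in text.splitlines():
        m = _FAST_RE.match(line.strip())
        if not m:
            continue
        alerts.append(Alert(
            timestamp=m["ts"], gid=int(m["gid"]), sid=int(m["sid"]),
            rev=int(m["rev"]), msg=m["msg"], classification=m["cls"],
            priority=int(m["prio"]), proto=m["proto"],
            src=m["src"], dst=m["dst"],
        ))
    return alerts


def selftest_fired(alerts: List[Alert], sid: int, gid: int = 1) -> bool:
    """True if the self-test rule produced at least one alert."""
    return any(a.gid == gid and a.sid == sid for a in alerts)


if __name__ == "__main__":
    parsed = parse_alert_fast(SAMPLE_ALERT_FAST)
    ok = selftest_fired(parsed, rule_sid(SELFTEST_RULE))
    print(f"{len(parsed)} alerts parsed; self-test rule fired: {ok}")
```

In real use, point `parse_alert_fast` at the sensor's actual alert file after sending the marker; if the sid never appears, the problem is in capture (interface, BPF filter, HOME_NET) or rule loading, which is exactly the sort of thing a Yocto image build test would want to catch before shipping.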



