Snort mailing list archives
Re: PCAP samples to test Snort rules (community and subscriber)
From: Jason Minto <jminto () lomin com>
Date: Thu, 4 Aug 2016 13:31:49 -0400

You could consider vulnerability testing tools. In the past I've stuck with the Black Hat CTF. However, you could use a number of different vulnerability tools. You could get invasive with something as trivial as Kali Linux and Metasploit was helpful. You could also spring some cash for Canvas or Core Impact. Don't forget you can always use the less invasive vulnerability scanners: Nessus/Tenable, IP360, or the like.

Best Wishes,
Jason A. Minto

On Wed, Aug 3, 2016 at 12:39 PM, Pat <pkugrinas () gmail com> wrote:

Hello,

We're working on an automated binary analysis platform which captures traffic and runs Snort/Suricata on the resulting .pcap. With the recently purchased rule subscription I was wondering if there are any recommended ways to test some of the rules' functionality. Partly because I'm not completely certain I've got all the configuration bits right... and it'd be great to see them in action in general.

I found some repositories containing malicious traffic PCAP samples, notably the ones from various CTFs and contagio. Is there anything else I can try to really make sure to trigger them?

Thanks,
-p

------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!