Snort mailing list archives
Re: How does suricata load snort dynamic rules (so_rules)?
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 21 Nov 2016 23:22:59 +0000
There are lots of places to get pcaps for use in Snort. The Darpa set, while dated, is a good place to start. Other repositories like VirusTotal or pcapr.net are good places to go.

--
Joel Esler | Talos: Manager | jesler () cisco com

On Nov 19, 2016, at 2:08 AM, 刘强 <liuqiang40 () 163 com> wrote:

Hi

The purpose is to show basic IDS ability.
1. ddos attack
2. SQL inject
3. Web attack
and so on.

Could you please kindly provide some precious advice?

Thanks so much.

At 2016-11-19 12:14:40, "Joel Esler (jesler)" <jesler () cisco com> wrote:

Which rules are you trying to trigger?

--
Sent from my iPhone

On Nov 18, 2016, at 10:12 PM, 刘强 <liuqiang40 () 163 com> wrote:

Hi,

We need to show a demo to our customer of the IDS ability of snort. Where can I find some pcap samples to trigger the rules?

Thanks a lot.

At 2016-11-18 00:06:43, "Joel Esler (jesler)" <jesler () cisco com> wrote:

It doesn’t. Suricata cannot load Snort’s Dynamic Ruleset.

--
Joel Esler | Talos: Manager | jesler () cisco com

On Nov 16, 2016, at 9:58 PM, 刘强 <liuqiang40 () 163 com> wrote:

Hi,

How can I use the latest suricata to load the latest snort dynamic rules (so_rules)?

Thanks a lot.
Large attachment list: snortrules-snapshot-2983.tar [205.6MB]

------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most emerging threats (https://snort.org/downloads/#rule-downloads)!