IDS mailing list archives
RE: Snort signature packet generator
From: "Eric Hines" <eric.hines () appliedwatch com>
Date: Mon, 8 Nov 2004 10:15:35 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Graeme, Several exist. 1) Snot 2) Stick However, a pretty awesome tool that we've been using internally is IDS Informer from Blade Software (http://www.blade-software.com) This tool not only sends the attacks out on the wire but also completes a three-way handshake with the attack simulating a victim host to make Snort/any IDS think an actual attack is taking place. You can choose from hundreds if not more, attacks from its attack selector. They'll give you a 30-day trial if you want to sniff it out. It is definitely worth a look at! http://www.blade-software.com/IDSInformer.htm Regards, Eric Hines, GCIA, CISSP CEO, President Applied Watch Technologies, Inc. http://www.appliedwatch.com Direct: (877) 262-7593 x327 1134 N. Main St. Algonquin, IL 60102 - -----Original Message----- From: Graeme Connell [mailto:gconnell () middlebury edu] Sent: Friday, November 05, 2004 11:29 AM To: focus-ids () securityfocus com Subject: Snort signature packet generator I'm attempting to train a neural network using snort, and I'm having trouble getting a good number of "bad" packets, IE: those that snort considers malicious. Since a snort signature is really just a definition of a subset of all possible packets, it seems like it should be possible to create a packet that snort considers bad by filling in packet fields based on a snort signature, then filling the rest of the packet with random garbage. Does anyone know if this type of program has already been created, and if so, where could I find it? Thanks. --Graeme Connell - ---------------------------------------------------------------------- - ---- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. - ---------------------------------------------------------------------- - ---- -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQY+bpqG62zuWaFzQEQJcwACeJhLDgCoAfjUBFX5fKvQQ6pgex6cAoKwt 60UxjfFZtsoDDuqUn32FSw14 =PDRb -----END PGP SIGNATURE----- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Snort signature packet generator Graeme Connell (Nov 08)
- RE: Snort signature packet generator Eric Hines (Nov 09)
- RE: Snort signature packet generator Jeff Dell (Nov 09)
- Re: Snort signature packet generator Dirk Geschke (Nov 09)
- RE: Snort signature packet generator Leandro Reox (Nov 12)
- Re: Snort signature packet generator Martin Roesch (Nov 09)
- Re: Snort signature packet generator Stefano Zanero (Nov 14)
- <Possible follow-ups>
- RE: Snort signature packet generator adam.w.hogan (Nov 09)
- Re: Snort signature packet generator ADT (Nov 12)
- Re: Snort signature packet generator Derek Armstrong (Nov 09)
- RE: Snort signature packet generator Simon and Lori Chang (Nov 12)