RE: Snort signature packet generator

["Jeff Dell" <jdell () activeworx com>]

You might want to take a look at stick or snot... They can be found at:

Snot: http://www.stolenshoes.net/sniph/index.html 

Stick: http://www.eurocompton.net/stick/projects8.html
         http://www.securityfocus.com/tools/1974

Jeff 

> -----Original Message-----
> From: Graeme Connell [mailto:gconnell () middlebury edu] 
> Sent: Friday, November 05, 2004 12:29 PM
> To: focus-ids () securityfocus com
> Subject: Snort signature packet generator
>
> I'm attempting to train a neural network using snort, and I'm having 
> trouble getting a good number of "bad" packets, IE: those that snort 
> considers malicious.  Since a snort signature is really just a 
> definition of a subset of all possible packets, it seems like 
> it should 
> be possible to create a packet that snort considers bad by filling in 
> packet fields based on a snort signature, then filling the 
> rest of the 
> packet with random garbage.  Does anyone know if this type of program 
> has already been created, and if so, where could I find it?  Thanks.
>
>               --Graeme Connell
>
> --------------------------------------------------------------
> ------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world 
> attacks from 
> CORE IMPACT.
> Go to 
> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
> to learn more.
> --------------------------------------------------------------
> ------------



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------