IDS mailing list archives
Re: Snort signature packet generator
From: ADT <synfinatic () gmail com>
Date: Tue, 9 Nov 2004 10:59:37 -0800
IMHO, using a scanner such as Nessus would only train a neural network how to detect a scanner. Scanners in general try not to send actual exploits because it'll break the target. Rather, they use non-intrusive techniques such as banner grabbing to determine if a target is vulnerable.

As earlier mentioned, Snot/Stick don't do TCP 3-way handshakes and hence don't generate legit traffic which would be useful to train a neural net either.

Your best bet is to either get a bunch of exploits and run them (easy to find, but dangerous if you don't know what you're doing) or find pcaps of actual exploits and use something like tcpreplay to train (much harder to find, but safer).

-Aaron
--
http://synfin.net

On Mon, 8 Nov 2004 10:30:47 -0500, adam.w.hogan <adam.w.hogan () delphi com> wrote:
There is a program to do just that: Snot [0]. But this strikes me as a very inaccurate way to train a neural network. You would be using purely crafted packets which may or may not appear as an actual attack would. Snot is made to fill up snort logs, and the packets it creates are done purely to trip rules, not appear 100% valid. Instead I would download exploits and scanners like Nessus and use actual attacks to train your neural net.
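
The handshake point raised in this message can be checked on a capture before it is used as training data. The following is an added example, not part of either post: a minimal Python pass over a classic pcap that labels each TCP flow by whether a full SYN, SYN-ACK, ACK exchange was seen. The function names, addresses and sample capture are constructed for illustration, and sequence numbers are not validated.

```python
import struct

SYN, ACK, PSH = 0x02, 0x10, 0x08

def tcp_packets(pcap):
    """Yield (src, sport, dst, dport, flags) per IPv4/TCP frame (Ethernet, LE pcap)."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("unsupported capture format")
    off = 24                                   # skip the pcap global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                           # not IPv4 carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4      # honour the IP header length
        if len(frame) >= tcp + 14:
            sport, dport = struct.unpack_from("!HH", frame, tcp)
            yield frame[26:30], sport, frame[30:34], dport, frame[tcp + 13]

def classify_flows(pcap):
    """Map each flow to True if SYN, SYN-ACK and ACK were all seen, else False."""
    state, result = {}, {}
    for src, sport, dst, dport, flags in tcp_packets(pcap):
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags & SYN and not flags & ACK:    # client SYN opens a flow
            state[fwd] = "syn"
            result.setdefault(fwd, False)
        elif flags & SYN and state.get(rev) == "syn":   # server SYN-ACK
            state[rev] = "synack"
        elif flags & ACK and state.get(fwd) == "synack":
            state[fwd] = "open"
            result[fwd] = True
        elif fwd not in result and rev not in result:
            result[fwd] = False                # traffic with no handshake seen
    return result

def _frame(src, sport, dst, dport, flags, payload=b""):  # constructed test frame
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))   # checksums left at zero
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def _pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

C, S, X = (10, 0, 0, 5), (10, 0, 0, 80), (10, 0, 0, 66)   # constructed addresses
SAMPLE = _pcap([_frame(C, 40000, S, 80, SYN), _frame(S, 80, C, 40000, SYN | ACK),
    _frame(C, 40000, S, 80, ACK), _frame(X, 1234, S, 80, PSH | ACK, b"constructed")])
```

Flows that map to `False` are the stateless kind described above; a capture dominated by them will not resemble real sessions.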