IDS mailing list archives
Re: Snort signature packet generator: Thanks
From: Richard Bejtlich <taosecurity () gmail com>
Date: Wed, 10 Nov 2004 12:27:58 -0500
Graeme Connell wrote:
To all who sent me links to programs generating packets from snort signatures: Thanks a bunch. I've got more than enough programs to start myself off with now.
I think Marty was too polite in his defense of Snort's features. Snort's TCP inspection capabilities have been immune to "testing" with Snot, Stick, Sneeze, and now Mucus since the implementation of stream4 three years ago. I would not waste time using stateless tools like these to generate TCP traffic of any sort. This topic seems to surface every 6 months or less, with often the same suspect programs mentioned. [0] I would like to see Marty get credit for work he did in mid-2001 -- forget these stateless tools. Besides using Nessus or replaying captured traffic, I recommend generating real exploit traffic against live lab targets using something like the Metasploit Framework. [1] As far as open source goes, you can't beat the Metasploit collection of quality exploits in a user-friendly package. Richard http://www.taosecurity.com [0] http://www.mcabee.org/lists/snort-users/Jun-04/msg00167.html [1] http://www.metasploit.com/ -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Re: Snort signature packet generator: Thanks Richard Bejtlich (Nov 12)