Snort mailing list archives

Re: Testing Snort

From: Kiira Triea <kiira-t () mail bsasinc org>
Date: Sun, 22 Jul 2001 08:37:18 -0400 (EDT)

Hi,

One way to test Snort if your using it to watch a webserver is to use 
www.safeweb.com or www.anonymizer.com and surf to you server and put cmd.exe at 
the end of the url.  This should trigger the cmd.exe exploit rule.
www.yourwebserver.com/cmd.exe

    Hello, I am new to snort and am wondering how other people test to see
if snort is working on their system.  I have seen security auditing
systems available on the web for on demand system challenges...is that
how you do it?  Or enlist a friend with scanning software?

-Jonathan


Another way to generate "attacks" of your own is to get the nemesis package
from www.packetfactory.net and build frames that trigger alerts. You can put
anything in the payload as well. It's convenient (and fun!) to create
single tcp,udp or icmp frames and see how they trigger. 

Kiira 


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Testing Snort sleen (Jul 20)
- Re: Testing Snort Andreas Östling (Jul 20)
- Re: Testing Snort Wynn Fenwick (Jul 20)
  - Re: Testing Snort Craig Woods (Jul 20)
- <Possible follow-ups>
- Re: Testing Snort Dr SuSE (Jul 20)
  - Re: Testing Snort Kiira Triea (Jul 22)
- RE: Testing Snort Joe Stevensen (Jul 20)
- Re: Testing Snort Ben Johansen (Jul 20)
- Re: Testing Snort Dr SuSE (Jul 20)
- Testing snort Travis Farmer (Sep 06)
  - Re: Testing snort Dragos Ruiu (Sep 06)
  - Re: Testing snort Nathan Carey (Sep 06)
- Re: Testing snort gary . smith (Sep 07)
  - RE: Re: Testing snort ro0tw0rm (Sep 07)