Snort mailing list archives
Re: testing snort
From: counter.spy () gmx de
Date: Sun, 16 Jun 2002 19:04:57 +0200 (MEST)
hiii everybody
Hello,
i am new in using snort i have setup all my needed configuration.... i now need to test it so i downloaded two programs "fragrouter" which i
cant run on >
redhat 7.2 and snot which has a problem with the type of my
nic "not prism 2 NIC" ??? is there another tools that tests all or almost all the signatures that snort detects for example its input is a rule file that it will trigger .... any help is apreciated .....thanx in advance...
Well there are a variety of good tools for IDS testing, but which of these are the "right" tools depends on what you actually want to test. Do you want to just get an idea about how snort works and reacts, do you want to do benchmarks (which is a _very_ hairy issue and I would not claim to be able to do that properly myself), or do you simply want to check if all rules you configured are working properly? I have used snot and other tools during my evaluations just in order to learn something about the "look and feel" of snort and other IDSs and in order to learn what things are really important when using an IDS in practice (in comparison to what some theoretical papers tell us what should be important). Stick, Snot and fragrouter and fragroute (there's a difference between those last two) are good tools for testing functionality and reassembly issues as well as statefulness. You really should try to get those tools working on your system. From what I know this should be no real big problem. Hope that helps, Detmar -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net _______________________________________________________________ Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Testing Snort Darren Young (May 20)
- <Possible follow-ups>
- RE: Testing Snort Potts, Ross A. (May 21)
- testing snort john (Jun 14)
- Re: testing snort counter . spy (Jun 16)