Snort mailing list archives

Re: testing snort


From: counter.spy () gmx de
Date: Sun, 16 Jun 2002 19:04:57 +0200 (MEST)

hiii everybody


Hello,

I am new to using snort. I have set up all my needed configuration....
I now need to test it, so I downloaded two programs: "fragrouter", which I can't run on redhat 7.2, and snot, which has a problem with the type of my NIC: "not prism 2 NIC" ???

Are there other tools that test all or almost all the signatures that snort detects? For example, its input is a rule file that it will trigger ....

Any help is appreciated ..... thanks in advance...


Well, there are a variety of good tools for IDS testing, but which of these are the "right" tools depends on what you actually want to test.
Do you want to just get an idea about how snort works and reacts, do you want to do benchmarks (which is a _very_ hairy issue and I would not claim to be able to do that properly myself), or do you simply want to check if all rules you configured are working properly?

I have used snot and other tools during my evaluations just in order to learn something about the "look and feel" of snort and other IDSs and in order to learn what things are really important when using an IDS in practice (in comparison to what some theoretical papers tell us should be important).

Stick, Snot and fragrouter and fragroute (there's a difference between those last two) are good tools for testing functionality and reassembly issues as well as statefulness.

You really should try to get those tools working on your system. From what I know this should be no real big problem.

Hope that helps,
Detmar

