RE: signature testing (win32)

["Hicks, John" <JHicks () JUSTICE GC CA>]

A number of tools can be used to unobtrusively test snort. Off the top of my
head here are a few of my favories:

Nmap O/S detection as well as various types of port scanning (www.nmap.org);
Cerberus Internet Scannet - bannering/testing of various services
(http://www.cerberus-infosec.co.uk/cis.shtml)
Nikto - web server scanner based on RFP's libWhisker code
(http://www.cirt.net/code/nikto.shtml)

hth,

John


-----Original Message-----
From: netsec novice [mailto:netsec9 () hotmail com]
Sent: Tuesday, September 10, 2002 8:06 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] signature testing (win32)


Have SNORT/ACID set up and would like to verify that I'm detecting traffic 
on required subnets.  I have seen reference to a tool called 'sneeze' that 
will generate false alarms but I have not been able to find it.  Is there 
another way I can verify my setup by creating alerts that won't be 
destructive?

thanks


_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx



-------------------------------------------------------
In remembrance
www.osdn.com/911/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
In remembrance
www.osdn.com/911/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users