Snort mailing list archives

Re: signature testing (win32)


From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 11 Sep 2002 10:53:10 -0700 (PDT)

On Wed, 11 Sep 2002, netsec novice wrote:

> Have SNORT/ACID set up and would like to verify that I'm detecting traffic
> on required subnets.  I have seen reference to a tool called 'sneeze' that
> will generate false alarms but I have not been able to find it.  Is there
> another way I can verify my setup by creating alerts that won't be
> destructive?

Make your life really simple.  Just have a rule that fires on a ping.  Then
ping a box on that net and you should have an alert.  No need to get other
programs, etc...  The simpler you keep it, the better off you are.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
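
The ping-rule check suggested in the reply above, as an added example that is not part of the original message: a local Snort rule that alerts on ICMP echo requests, plus a small Python check that reads fast-format alert lines and reports which required subnets have not yet produced the test alert. The rule text, SID 1000001, the subnets and the sample alert lines are all constructed for illustration, and the alert layout assumed is Snort's one-line fast alert output.

```python
import ipaddress
import re

# Assumed local test rule (constructed; SID taken from the local-rule range).
TEST_RULE = ('alert icmp any any -> $HOME_NET any '
             '(msg:"LOCAL test ping"; itype:8; sid:1000001; rev:1;)')
TEST_SID = 1000001

# Fast alert line: "<time> [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst"
ALERT_RE = re.compile(
    r'\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\].*?'
    r'\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+'
    r'(?P<dst>[\d.]+)(?::\d+)?')

def subnet_coverage(alert_lines, required_subnets, sid=TEST_SID):
    """Map each required subnet to the pinged hosts that fired the test rule."""
    nets = [ipaddress.ip_network(s) for s in required_subnets]
    seen = {str(n): [] for n in nets}
    for line in alert_lines:
        m = ALERT_RE.search(line)
        if not m or int(m.group('sid')) != sid:
            continue  # unparsable line or an alert from some other rule
        dst = ipaddress.ip_address(m.group('dst'))
        for n in nets:
            if dst in n:
                seen[str(n)].append(str(dst))
    return seen

def missing_subnets(alert_lines, required_subnets, sid=TEST_SID):
    """Subnets where a ping was expected but no test alert was logged."""
    cov = subnet_coverage(alert_lines, required_subnets, sid)
    return sorted(n for n, hits in cov.items() if not hits)

# Constructed sample: pings to 10.1.1.20 and 10.1.2.20 were seen by the sensor,
# the ping to 10.1.3.x was not; the last line comes from an unrelated rule.
SAMPLE_ALERTS = [
    '09/11-10:53:10.104512  [**] [1:1000001:1] LOCAL test ping [**] '
    '[Priority: 0] {ICMP} 10.1.9.5 -> 10.1.1.20',
    '09/11-10:53:14.220871  [**] [1:1000001:1] LOCAL test ping [**] '
    '[Priority: 0] {ICMP} 10.1.9.5 -> 10.1.2.20',
    '09/11-10:54:02.000113  [**] [1:1000002:1] LOCAL other rule [**] '
    '[Priority: 0] {TCP} 10.1.9.5:1042 -> 10.1.3.7:161',
]
REQUIRED = ['10.1.1.0/24', '10.1.2.0/24', '10.1.3.0/24']

if __name__ == '__main__':
    print(TEST_RULE)
    print('No test alert seen for:', missing_subnets(SAMPLE_ALERTS, REQUIRED))
```

A subnet reported as missing points at sensor placement, a span/tap gap or the `$HOME_NET` definition rather than at the rule itself, since the same rule fired elsewhere.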


