Re: difficulties in alert generation

[risc () synpacket net]

Another way to fire off alerts is to use:

http://snort.sourceforge.net/sneeze-1.0.tar

Requires Net::RawIP Perl module.

This perl script will however not fire off any stateful inspection rules.

risc


> The answer is, yes, the simplest way to generate alerts is to attack your own sensor.Try installing Nessus 
> http://www.nessus.org/ . You  can use it to attack your network for alerts only or you can enable the "dangerous" 
> plugins and really get some action.
> nwo


> Hello all...i am new to snort...in three weeks..i was able to install snortsuccessfully and i tested snort using some 
> basic rulesfor which i got alerts in the ACID page...now...i set the rule files in the snort.conf file (icommented 
> out the rule files) but i am not getting
>  anyreal alerts....i am able to log the packets into a file but until andunless we have the alerts (i.e alert 
> packets) we cantdifferenciate between the bad data and good data...sohow can i generate alerts using the existing 
> rulesets...do we have to work on the internet for a longtime(like opening websites or pornsites) when snort 
> isrunning.suggest me some method to generate data with theabnormalities...do we hav to attack our own network...and 
> if yes howdo we do that?the final thing is ...i want to generate real timealerts and i want to log data and analyze 
> that data...please mail me as soon as possible...thanking youregardsSantosh Bethi 
>
>   Yahoo! India Matrimony: Find your partner online. Post your profile.



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users