Snort mailing list archives

Re: Where can i get a Simlation attack to see if all my rules work! ?

From: Dirk Geschke <Dirk_Geschke () genua de>
Date: Wed, 14 Jan 2004 09:05:50 +0100

Hi Soldier,

yeah i need some thing to test my rules,, i heard
something about it, but i dont know where could i get
a simulation atack!!


one possibility to test most of the rules is the 
false-positive-generator 'fpg' which is part of
FLoP:

http://www.geschke-online.de/FLoP

Not all keywords are yet supported and you have either
to disable the stream4 preprocessor or remove the 
"established" keyword to generate alerts. Otherwise
all packets are dropped because they don't belong
to a real connection.

Some documentation can be found at

http://www.geschke-online.de/doc/c1782.html

or the manual page

http://www.geschke-online.de/FLoP/fpg.8.html

A linux binary is also available

http://www.geschke-online.de/FLoP/bin/fpg

Best regards

Dirk



-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Where can i get a Simlation attack to see if all my rules work! ? soldier Mx (Jan 13)
- Re: Where can i get a Simlation attack to see if all my rules work! ? Dirk Geschke (Jan 14)
- <Possible follow-ups>
- RE: Where can i get a Simlation attack to see if all my rules work! ? Button, William (STRA) (Jan 14)