Snort mailing list archives
Re: Triggering a complex snort rule (packet forging)
From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 02 Apr 2013 10:36:02 -0500
On 4/2/2013 07:28, Asiri Rathnayake wrote:
> Maybe I should've been more specific, sorry about that. I need to trigger the rule from the outside, without depending on the client.
your rule requires an "established" connection so there has to be another end of the pipeline... the "server" is one end but where is the data going if there is no client involved?

it may be possible, as others have pointed out, to simulate it via constructed pcaps, though... not really something i'd want to attempt unless there is a tool that can easily generate such a pcap of sufficient size... i'm not aware of one but others may be...

my initial gut reaction says the /easiest/ method would be to use a scripted client and a remote server...
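The constructed-pcap approach mentioned above, as an added example that is not part of the original post or the Snort project: it writes an offline capture with a full three-way handshake followed by segmented, ACKed data, so a stream reassembler sees both ends of an established flow. The addresses, ports, sequence numbers, payload, and the server-to-client data direction are all assumptions.

```python
import socket
import struct

SYN, PSH, ACK = 0x02, 0x08, 0x10
MSS = 1400  # constructed segment size, below a 1500-byte Ethernet MTU

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def frame(src, dst, sport, dport, seq, ack, flags, data=b""):
    """One Ethernet/IPv4/TCP frame with valid IP and TCP checksums."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 8192, 0, 0)
    pseudo = s + d + struct.pack("!BBH", 0, 6, len(tcp) + len(data))
    tcp = tcp[:16] + struct.pack("!H", csum(pseudo + tcp + data)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0, 0x4000, 64, 6, 0, s, d)
    ip = ip[:10] + struct.pack("!H", csum(ip)) + ip[12:]
    # Locally administered MACs derived from the IPs (constructed values).
    return b"\x02\x00" + d + b"\x02\x00" + s + b"\x08\x00" + ip + tcp + data

def established_flow_pcap(payload, client="192.0.2.10", server="198.51.100.20",
                          cport=40000, sport=80, cseq=1000, sseq=5000):
    """Return pcap bytes: 3-way handshake, then payload server->client, ACKed."""
    def c2s(seq, ack, fl, data=b""):
        return frame(client, server, cport, sport, seq, ack, fl, data)
    def s2c(seq, ack, fl, data=b""):
        return frame(server, client, sport, cport, seq, ack, fl, data)
    frames = [c2s(cseq, 0, SYN), s2c(sseq, cseq + 1, SYN | ACK),
              c2s(cseq + 1, sseq + 1, ACK)]
    for off in range(0, len(payload), MSS):
        chunk = payload[off:off + MSS]
        frames.append(s2c(sseq + 1 + off, cseq + 1, PSH | ACK, chunk))
        frames.append(c2s(cseq + 1, sseq + 1 + off + len(chunk), ACK))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # LINKTYPE_ETHERNET
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1 + i // 1000, i % 1000 * 1000, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    with open("established_flow.pcap", "wb") as fh:
        fh.write(established_flow_pcap(b"CONSTRUCTED-TEST-PAYLOAD " * 200))
```

The resulting file can be read offline with Snort's `-r` option to check whether the rule under test fires.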