Snort mailing list archives

Re: Triggering a complex snort rule (packet forging)


From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 02 Apr 2013 10:37:43 -0500

On 4/2/2013 08:11, lists () packetmail net wrote:
> Welcome to the IDS fun :)  I'd just stand up a webserver you have control over
> and craft the pages to send the payload you're attempting to match on.  This is
> what I do and it's much easier than packet forging.  Also, consider too, this is
> as close as you can get to real world examples of the content you're trying to
> match on.  You're behaving exactly as a webserver should and you don't need to
> worry about false negatives or false positives as a result of packet
> forging/crafting on the wire.

+1 :)
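
An added example, not part of the original thread: a minimal controlled web server of the kind described above, serving one page whose body carries the content a rule under test should match, plus a fetch helper to confirm the bytes sent. The marker string, path, and function names are constructed placeholders.

```python
import http.server
import threading
import urllib.request

# Constructed, benign marker standing in for the content the rule matches on.
TEST_BODY = b"<html><body>IDS-RULE-TEST-MARKER-0001</body></html>"
TEST_PATH = "/rule-test"  # hypothetical path for the test page


class RuleTestHandler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path != TEST_PATH:
            self.send_error(404)
            return
        # A normal, well-formed HTTP response, so the sensor's stream
        # reassembly and HTTP inspection see what a real server would send.
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(TEST_BODY)))
        self.end_headers()
        self.wfile.write(TEST_BODY)

    def log_message(self, fmt, *args):
        pass  # keep test runs quiet


def start_server(host="127.0.0.1", port=0):
    """Start the test server in a background thread; port 0 picks a free port."""
    server = http.server.ThreadingHTTPServer((host, port), RuleTestHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch(server, path=TEST_PATH):
    """Request the page directly (no proxy) and return (status, body)."""
    host, port = server.server_address[:2]
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(f"http://{host}:{port}{path}", timeout=5) as resp:
        return resp.status, resp.read()


if __name__ == "__main__":
    # Loopback is for a self-check only; for a real rule test, bind to an
    # address whose traffic the sensor monitors and fetch from another host.
    srv = start_server(port=8080)
    print(fetch(srv))
    srv.shutdown()
```
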


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org