Snort mailing list archives
Re: Triggering a complex snort rule (packet forging)
From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 02 Apr 2013 10:37:43 -0500
On 4/2/2013 08:11, lists () packetmail net wrote:
Welcome to the IDS fun :) I'd just stand up a webserver you have control over and craft the pages to send the payload you're attempting to match on. This is what I do and it's much easier than packet forging. Also, consider too, this is as close as you can get to real world examples of the content you're trying to match on. You're behaving exactly as a webserver should and you don't need to worry about false negatives or false positives as a result of packet forging/crafting on the wire.
+1 :)
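The approach suggested in this thread, sketched as an added example that is not part of the original posts: a small web server you control that returns exact, constructed response bodies over a real TCP/HTTP session, with a positive case and a benign control case for the rule under test. The paths, marker strings and function names are assumptions made for illustration; substitute the content your rule is written to match.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed test cases: path -> (content type, exact response body bytes).
# The marker strings are placeholders, not content from any real rule.
CASES = {
    "/match": ("text/html", b"<html><body>RULE-TEST-MARKER-0001</body></html>"),
    "/nomatch": ("text/html", b"<html><body>benign control page</body></html>"),
    # Larger body, to check the rule when the marker sits deep in the response.
    "/large": ("application/octet-stream", b"A" * 4000 + b"RULE-TEST-MARKER-0001"),
}

class CaseHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        case = CASES.get(self.path)
        if case is None:
            self.send_error(404)
            return
        ctype, body = case
        self.send_response(200)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)  # bytes go out unmodified

    def log_message(self, fmt, *args):
        pass  # keep the console quiet during test runs

def start_server(host="127.0.0.1", port=0):
    """Start the test server in a background thread (port 0 = any free port)."""
    srv = ThreadingHTTPServer((host, port), CaseHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def fetch_all(srv):
    """Request every case once, bypassing any configured proxy."""
    host, port = srv.server_address[:2]
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    return {p: opener.open(f"http://{host}:{port}{p}").read() for p in CASES}

if __name__ == "__main__":
    srv = start_server()
    for path, body in fetch_all(srv).items():
        print(path, len(body), "bytes")
    srv.shutdown()
```

For the sensor to see the traffic, bind the server to an address on the segment Snort is monitoring (or point Snort at the loopback interface) and confirm that `/match` alerts while `/nomatch` does not.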