Snort mailing list archives
Re: Generating packets from Snort 3 rules
From: Joel Esler via Snort-sigs <snort-sigs () lists snort org>
Date: Mon, 18 Jul 2022 09:37:53 -0400
Is there a tool used at Talos to generate packets? Yes. Various open source tools are used to wrap things like text and single packets into full session packets, but overwhelmingly (like 99x out of 100) the packets that are being used to write and test the rules are actual attack packets against an actual host. Sometimes this means detonating malware in order to generate the traffic, sometimes this means writing an exploit to generate the traffic, but a pcap exists for every single rule written.
On Jul 13, 2022, at 9:39 PM, Stephen Reese via Snort-sigs <snort-sigs () lists snort org> wrote:
Is a tool used internally to generate packets to evaluate Snort rules before they are published? If so, might it be available for public use or is this a manual process? I have seen a number of public tools, most of which are research based that evaluate Snort rules and attempt to generate corresponding packets. Most existing tools are dated and focus on a subset of Snort 2 rules. I have begun the process of building a tool to evaluate Snort 3 rules but figure it would not hurt to ask if something already exists?
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs
Please visit http://blog.snort.org for the latest news about Snort!
Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most emerging threats (https://snort.org/downloads/#rule-downloads)!