Re: [Snort-users] Testing My Snort DIDS
This is a discussion on Re: [Snort-users] Testing My Snort DIDS within the Snort forums, part of the System Security and Security Related category; I just sent my IDS test plan to the list (Monday I think) but no one said anything so I'...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
10-11-2003
|
|||
|
|||
Re: [Snort-users] Testing My Snort DIDS
I just sent my IDS test plan to the list (Monday I think) but no
one said anything so I'm not sure if the attachment got bit-bucketed (or just a collective *yawn*). Basically if you can scrounge up a similar box and do an exact same configuration but leave the test box inside of a secure LAN it helps tremendously. Then just setup a box to slap around (throw up a web server, ftp, finger, whatever) and an attack box (laptop running *nix for tools). You won't be able to test every rule so pick 20 or so at random (or semi-random, MS shop skips SunRPC rules...). Or pick 50.... Lemme know if you want that excel I drew up and I'll mail it offlist. --- Aaron Babalola <roniebabs@yahoo.com> wrote: > I have tested my Snort IDS with Nessus, it is clear that it is > working, but is there any means to test other signature since > Nessus does not have all of the signatures. > > I will also appreciate any suggestion from any Professor about > evaluating an ids for a thesis. I implemented the design of > Steven Scot for Enterprise Intrusion detection system with > some modifiction to suit my needs and requirement. I have > tested the IDS against some signature, but i need to present > the test to my supervisor who doesn't seem to have a clue of > whats going on in IDS( > http://www.superhac.com/docs/snort_enterprise.pdf) I will > appreciate any assistance from anyone out there > Aaron > > > --------------------------------- > Do you Yahoo!? > The New Yahoo! Shopping - with improved product search ===== ----------------------------------------------------------- Get a taste of Religion ... eat a priest! ----------------------------------------------------------- __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
