Re: [Snort-users] Where can i get a Simlation attack to see if all my rules work! ?
This is a discussion on Re: [Snort-users] Where can i get a Simlation attack to see if all my rules work! ? within the Snort forums, part of the System Security and Security Related category; Hi Soldier, > yeah i need some thing to test my rules,, i heard > something about it, but i ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-14-2004
|
|||
|
|||
Re: [Snort-users] Where can i get a Simlation attack to see if all my rules work! ?
Hi Soldier,
> yeah i need some thing to test my rules,, i heard > something about it, but i dont know where could i get > a simulation atack!! one possibility to test most of the rules is the = false-positive-generator 'fpg' which is part of FLoP: http://www.geschke-online.de/FLoP Not all keywords are yet supported and you have either to disable the stream4 preprocessor or remove the = "established" keyword to generate alerts. Otherwise all packets are dropped because they don't belong to a real connection. Some documentation can be found at http://www.geschke-online.de/doc/c1782.html or the manual page http://www.geschke-online.de/FLoP/fpg.8.html A linux binary is also available http://www.geschke-online.de/FLoP/bin/fpg Best regards Dirk ------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
