Re: Firewall Tester 0.6

From: Andrea Barisani (lcars@infis.univ.trieste.it)
Date: 04/11/02


Date: Thu, 11 Apr 2002 19:46:12 +0200
From: Andrea Barisani <lcars@infis.univ.trieste.it>
To: Steve Halligan <giermo@geeksquad.com>

On Thu, Apr 11, 2002 at 11:41:13AM -0500, Steve Halligan wrote:
> Snort with the stream4 preprocessor will not false on these types of
> signature replaying attacks (ie Stick, Snot)

Actually, my tool is designed to test that kind of feature by spoofing a real
connection; in fact, it was very useful in testing and finding a bug in the snort stream4
preprocessor (fixed in version 1.8.6).

------------------------------------------------------------
INFIS Network Administrator & Security Officer .*.
Department of Physics - University of Trieste /V\
lcars@infis.univ.trieste.it - PGP Key 0x8E21FE82 (/ \)
---------------------------------------------------- ( )
"How would you know I'm mad?" said Alice. ^^-^^
"You must be,'said the Cat,'or you wouldn't have come here."
------------------------------------------------------------


