Re: Traffic logs to help with IDS testing and development

From: SCC (scc@globaldataguard.com)
Date: 02/12/03

  • Next message: Steven Richards: "RE: Active response... some thoughts." 
    From: SCC <scc@globaldataguard.com>
To: brennen-ml@off-pisteconsulting.com
Date: 11 Feb 2003 17:51:44 -0600

    Try the Honeypot Porject for very good packet captures

    On Mon, 2003-02-10 at 19:17, Brennen Reynolds wrote:
    >
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Hello All,
    >
    > I have been tasked with assembling a collection of packet captures to be
    > used in an IDS testing and development project. I have spent some time on
    > Google but only encountered limited success. Thus far I have found the
    > DefCon 9 captures as well as the traditional data set from the Lincoln Labs
    > used in the 1999 evaluations. I know that the Shmoo group tried to capture
    > the DefCon 10 CTF but only got the packet headers (which isn't very
    > helpful). I found an old message from Ron Gula stating he had put up the
    > captures for DEFCON 8, DEFCON 7, SANS 2000 ID-NET and SANS 1999 ID-NET, but
    > the link is now dead.
    >
    > If anyone has any pointers to packet captures in TCPdump or any other easy
    > to use format I would be very grateful for the pointers. Thanks.
    >
    > Brennen
    >
    > - --
    > Brennen Reynolds - Chief Consultant/Owner - Off-Piste Consulting, LLC
    >
    > Email: brennen at off-pisteconsulting dot com Voice: (209) 258-4584
    > WWW: http://www.off-pisteconsulting.com Fax: (209) 258-4584
    >
    > PGP Fingerprint:
    > E868 8B0D 175D 7394 E7AE 9E71 38CC 2B63 A1EB 9D9F
    >
    > -----BEGIN PGP SIGNATURE-----
    > Version: PGP 8.0
    >
    > iQA/AwUBPkhPKjjMK2Oh652fEQLV1gCg6f+S33rndFZq7+QGB5bU/Ama0mMAnAyY
    > Xsmd5+jgdCvtyAYJyIVfhIhM
    > =LJrr
    > -----END PGP SIGNATURE-----