RE: Snort signature packet generator
From: Eric Hines (eric.hines_at_appliedwatch.com)
Date: 11/08/04
- In reply to: Graeme Connell: "Snort signature packet generator"
- Next in thread: Jeff Dell: "RE: Snort signature packet generator"
To: "'Graeme Connell'" <gconnell@middlebury.edu>, <focus-ids@securityfocus.com>
Date: Mon, 8 Nov 2004 10:15:35 -0600
Graeme,
Several exist.
1) Snot
2) Stick
However, a pretty awesome tool that we've been using internally is
IDS Informer from Blade Software (http://www.blade-software.com). This
tool not only sends the attacks out on the wire but also completes a
three-way handshake with the attack, simulating a victim host to make
Snort/any IDS think an actual attack is taking place. You can choose
from hundreds, if not more, attacks from its attack selector. They'll
give you a 30-day trial if you want to sniff it out. It is definitely
worth a look!
http://www.blade-software.com/IDSInformer.htm
Regards,
Eric Hines, GCIA, CISSP
CEO, President
Applied Watch Technologies, Inc.
http://www.appliedwatch.com
Direct: (877) 262-7593 x327
1134 N. Main St.
Algonquin, IL 60102
-----Original Message-----
From: Graeme Connell [mailto:gconnell@middlebury.edu]
Sent: Friday, November 05, 2004 11:29 AM
To: focus-ids@securityfocus.com
Subject: Snort signature packet generator
I'm attempting to train a neural network using Snort, and I'm having
trouble getting a good number of "bad" packets, i.e., those that Snort
considers malicious. Since a Snort signature is really just a
definition of a subset of all possible packets, it seems like it
should be possible to create a packet that Snort considers bad by
filling in packet fields based on a Snort signature, then filling the
rest of the packet with random garbage. Does anyone know if this
type of program has already been created, and if so, where could I
find it? Thanks.
--Graeme Connell
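Added example, not part of the original messages and not code from Snot, Stick or IDS Informer: a Python sketch of the idea in the quoted question, building a labelled "bad" payload offline from a rule's `content` options with random filler around them. The rule is constructed, all function names are hypothetical, and only plain `content` matches are handled (modifiers such as offset/depth/nocase, negation and pcre are ignored), so a real Snort may not alert on every payload it produces.

```python
import random
import re

# Constructed sample rule for illustration; not taken from any real ruleset.
SAMPLE_RULE = ('alert tcp any any -> any 80 (msg:"constructed example"; '
               'content:"GET /demo"; content:"|0d 0a|X-Test|3a| 1"; sid:1000001;)')

HEADER_RE = re.compile(
    r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$')
CONTENT_RE = re.compile(r'\bcontent:\s*"((?:[^"\\]|\\.)*)"')  # skips uricontent and !"..."

def decode_content(text):
    """Turn a content string (literal text with |hex| runs) into bytes."""
    out = bytearray()
    for i, part in enumerate(text.split('|')):
        if i % 2:   # odd segments sit between pipes: space-separated hex bytes
            out += bytes.fromhex(part.replace(' ', ''))
        else:       # even segments are literal text; resolve backslash escapes
            out += re.sub(r'\\(.)', r'\1', part).encode('latin-1')
    return bytes(out)

def parse_rule(rule):
    """Extract protocol, destination port and decoded contents from one rule line."""
    m = HEADER_RE.match(rule.strip())
    if not m:
        raise ValueError('not a single-line rule of the simple form handled here')
    proto, dport, opts = m.group(2, 7, 8)
    return {'proto': proto, 'dport': dport,
            'contents': [decode_content(c) for c in CONTENT_RE.findall(opts)]}

def build_payload(contents, filler=8, rng=None):
    """Place each content in rule order, separated by 0..filler random bytes."""
    rng = rng or random.Random()
    junk = lambda: bytes(rng.randrange(256) for _ in range(rng.randint(0, filler)))
    payload = junk()
    for c in contents:
        payload += c + junk()
    return payload

def matches(payload, contents):
    """Simplified stand-in for the IDS: every content must occur in the payload."""
    return all(c in payload for c in contents)

if __name__ == '__main__':
    rule = parse_rule(SAMPLE_RULE)
    sample = build_payload(rule['contents'], rng=random.Random(1))
    print(rule['proto'], rule['dport'], matches(sample, rule['contents']), sample)
```

For training data, each generated payload can be stored with the rule's sid as its label, and the same `matches` check run over benign samples to confirm they stay on the other side of the signature.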