RE: Snort signature packet generator

From: Jeff Dell (jdell_at_activeworx.com)
Date: 11/08/04

    To: "'Graeme Connell'" <gconnell@middlebury.edu>, <focus-ids@securityfocus.com>
    Date: Mon, 8 Nov 2004 10:27:22 -0500
    
    

    You might want to take a look at stick or snot... They can be found at:

    Snot: http://www.stolenshoes.net/sniph/index.html

    Stick: http://www.eurocompton.net/stick/projects8.html
             http://www.securityfocus.com/tools/1974

    Jeff

    > -----Original Message-----
    > From: Graeme Connell [mailto:gconnell@middlebury.edu]
    > Sent: Friday, November 05, 2004 12:29 PM
    > To: focus-ids@securityfocus.com
    > Subject: Snort signature packet generator
    >
    > I'm attempting to train a neural network using snort, and I'm having
    > trouble getting a good number of "bad" packets, i.e., those that snort
    > considers malicious. Since a snort signature is really just a
    > definition of a subset of all possible packets, it seems like it should
    > be possible to create a packet that snort considers bad by filling in
    > packet fields based on a snort signature, then filling the rest of the
    > packet with random garbage. Does anyone know if this type of program
    > has already been created, and if so, where could I find it? Thanks.
    >
    > --Graeme Connell
    >
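
The idea in the quoted question, worked as an added example for building rule regression fixtures (it is not part of either message and not the code of stick or snot): the payload-level `content`, `offset` and `depth` options of a rule are parsed, a payload is filled with random bytes plus the required patterns, and the result is checked against the same options. The rule text, `sid` and all function names are constructed for illustration; other rule options and packet headers are out of scope here.

```python
import random
import re

# Constructed sample rule for illustration; not taken from any real ruleset.
SAMPLE_RULE = ('alert tcp any any -> any 80 (msg:"constructed example"; '
               'content:"GET "; offset:0; depth:4; '
               'content:"|2f|test|2e|cgi"; sid:1000001;)')
OPTION = re.compile(r'(\w+)\s*(?::\s*("(?:\\.|[^"\\])*"|[^;]*))?;')  # keyword[:value];

def decode_content(text):
    """Decode a content string: |..| spans are hex bytes, the rest is literal."""
    out = bytearray()
    for i, part in enumerate(text.split("|")):
        if i % 2:  # odd segments sit between a pair of pipes
            out += bytes.fromhex(part)
        else:      # drop the backslash from escaped characters such as \; or \"
            out += re.sub(r"\\(.)", r"\1", part).encode("latin-1")
    return bytes(out)

def parse_contents(rule):
    """Return the rule's content options in order, each with its offset/depth."""
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    contents = []
    for key, value in OPTION.findall(body):
        if key == "content" and value.startswith('"'):  # negated content is skipped
            contents.append({"pattern": decode_content(value[1:-1]),
                             "offset": 0, "depth": None})
        elif key in ("offset", "depth") and contents:
            contents[-1][key] = int(value)
    return contents

def build_payload(contents, size=64, rng=random):
    """Random filler bytes with every pattern written inside its window."""
    payload = bytearray(rng.randrange(256) for _ in range(size))
    cursor = 0
    for c in contents:
        start = max(cursor, c["offset"])
        end = start + len(c["pattern"])
        if c["depth"] is not None and end > c["offset"] + c["depth"]:
            raise ValueError("pattern does not fit its offset/depth window")
        payload[start:end] = c["pattern"]
        cursor = end
    return bytes(payload)

def matches(payload, contents):
    """True when each pattern occurs inside [offset, offset + depth)."""
    return all(payload.find(c["pattern"], c["offset"], len(payload)
                            if c["depth"] is None else c["offset"] + c["depth"]) >= 0
               for c in contents)
```

Passing a seeded `random.Random` as `rng` makes the filler reproducible, which keeps a fixture stable between test runs.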
