Re: Snort signature packet generator: Thanks
From: Don Parker (dparker_at_bridonsecurity.com)
Date: 11/10/04
- Previous message: Aaron: "Re: Snort signature packet generator: Thanks"
- Maybe in reply to: Graeme Connell: "Snort signature packet generator: Thanks"
Date: Tue, 9 Nov 2004 15:33:48 -0800
To: focus-ids@securityfocus.com, Graeme Connell <gconnell@middlebury.edu>

To chime in, a little late it seems, you may also want to look at hping3 and isic
as well.
Cheers
--------------------------------------------------------------
Don Parker, GCIA GCIH
Intrusion Detection & Incident Handling Specialist
Bridon Security & Training Services
http://www.bridonsecurity.com
voice: 1-613-302-2910
--------------------------------------------------------------
On Mon, 08 Nov 2004 13:45, Graeme Connell <gconnell@middlebury.edu> sent:
>To all who sent me links to programs generating packets from snort
>signatures: Thanks a bunch. I've got more than enough programs to
>start myself off with now. For those of you with the same question as
>me, here's a rundown of what I've received:
>
>
>
>Snot: http://www.stolenshoes.net/sniph/index.html
>
>Stick: http://www.eurocompton.net/stick/projects8.html
> http://www.securityfocus.com/tools/1974
>
>Blade's IDS Informer: http://www.blade-software.com/IDSInformer.htm
>
>FPG: http://www.geschke-online.de/FLoP/
>
>Nemesis: http://nemesis.sourceforge.net/
>
>Sneeze: http://www.securiteam.com/tools/5DP0T0AB5G.html
>
>Mucus: http://www.cs.ucsb.edu/%7Ersg/Mucus/index.html
>
>
>
>Some comments:
>I'm not sure if Blade Software's IDS Informer 30-day trial license will
>allow me to use it for research purposes. I've contacted them and am
>waiting for a response.
>
>As for using Nemesis / Nmap, the problem is that I'm looking to generate
>very large data sets, and crafting each packet with nemesis would take
>me the rest of my life. Nmap is a bit too specialized (scanning only).
>
>By the way, I've been trying to download Shmoo Group's Capture the
>Root-Fu (http://www.shmoo.com/cctf/) to use for the same purpose, but as
>of yet I'm unable to download through either the BitTorrent or the HTTP
>link. Does anyone have this packet dump mirrored anywhere? Or sitting
>at home collecting dust on a CD?
>
>Once again, thanks for all the help.
>
> --Graeme
>