Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Snort signature packet generator

from [Eric Hines] Network Security [Permanent Link]
Subject: RE: Snort signature packet generator
Date: Mon, 8 Nov 2004 10:15:35 -0600 
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Graeme,

Several exist. 

1) Snot
2) Stick

However, a pretty awesome tool that we've been using internally is
IDS Informer from Blade Software (http://www.blade-software.com) This
tool not only sends the attacks out on the wire but also completes a
three-way handshake with the attack simulating a victim host to make
Snort/any IDS think an actual attack is taking place. You can choose
from hundreds if not more, attacks from its attack selector. They'll
give you a 30-day trial if you want to sniff it out. It is definitely
worth a look at! 

http://www.blade-software.com/IDSInformer.htm


Regards,

Eric Hines, GCIA, CISSP
CEO, President
Applied Watch Technologies, Inc.
http://www.appliedwatch.com
Direct: (877) 262-7593 x327
1134 N. Main St.
Algonquin, IL 60102

 

- -----Original Message-----
From: Graeme Connell [mailto:gconnell@middlebury.edu] 
Sent: Friday, November 05, 2004 11:29 AM
To: focus-ids@securityfocus.com
Subject: Snort signature packet generator

I'm attempting to train a neural network using snort, and I'm having
trouble getting a good number of "bad" packets, IE: those that snort
considers malicious.  Since a snort signature is really just a
definition of a subset of all possible packets, it seems like it
should be possible to create a packet that snort considers bad by
filling in packet fields based on a snort signature, then filling the
rest of the packet with random garbage.  Does anyone know if this
type of program has already been created, and if so, where could I
find it?  Thanks.

                --Graeme Connell

- ----------------------------------------------------------------------
- ----
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks
from CORE IMPACT.
Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
- ----------------------------------------------------------------------
- ----


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQY+bpqG62zuWaFzQEQJcwACeJhLDgCoAfjUBFX5fKvQQ6pgex6cAoKwt
60UxjfFZtsoDDuqUn32FSw14
=PDRb
-----END PGP SIGNATURE-----


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: TippingPoint Releases Open Source Code for FirstIntrusionPrev ention Test Tool, Tomahawk, Martin Roesch
Next by Date:  RE: Snort signature packet generator, Jeff Dell
Previous by Thread:  Snort signature packet generator, Graeme Connell
Next by Thread:  RE: Snort signature packet generator, Jeff Dell
Indexes:  [Date] [Thread] [Top] [All Lists]