Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Snort signature packet generator: Thanks

from [Richard Bejtlich] Network Security [Permanent Link]
Subject: Re: Snort signature packet generator: Thanks
Date: Wed, 10 Nov 2004 12:27:58 -0500 
Graeme Connell wrote: 


To all who sent me links to programs generating packets from snort 
signatures: Thanks a bunch. I've got more than enough programs to start 
myself off with now.


I think Marty was too polite in his defense of Snort's features. 
Snort's TCP inspection capabilities have been immune to "testing" with
Snot, Stick, Sneeze, and now Mucus since the implementation of stream4
three years ago.  I would not waste time using stateless tools like
these to generate TCP traffic of any sort.

This topic seems to surface every 6 months or less, with often the
same suspect programs mentioned. [0]  I would like to see Marty get
credit for work he did in mid-2001 -- forget these stateless tools.

Besides using Nessus or replaying captured traffic, I recommend
generating real exploit traffic against live lab targets using
something like the Metasploit Framework. [1]  As far as open source
goes, you can't beat the Metasploit collection of quality exploits in
a user-friendly package.

Richard
http://www.taosecurity.com

[0] http://www.mcabee.org/lists/snort-users/Jun-04/msg00167.html
[1] http://www.metasploit.com/

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: Snort signature packet generator: Thanks, Richard Bejtlich <=
Previous by Date:  Re: Snort signature packet generator: Thanks, Aaron
Next by Date:  Re: Snort signature packet generator, Stefano Zanero
Previous by Thread:  Snort vs. compressed HTML, Gary Freeman
Next by Thread:  DDOS Bot Blacklist, Andy Cuff
Indexes:  [Date] [Thread] [Top] [All Lists]