IDS: Re: Snort signature packet generator: Thanks

[Don Parker <dparker () bridonsecurity com>]

To chime in, a little late it seems, you may also want to look at hping3 and isic 
as well. 

Cheers

--------------------------------------------------------------
Don Parker, GCIA GCIH
Intrusion Detection & Incident Handling Specialist
Bridon Security & Training Services
http://www.bridonsecurity.com
voice: 1-613-302-2910
--------------------------------------------------------------

On Mon, 08 Nov 2004 13:45 , Graeme Connell <gconnell () middlebury edu> sent:

> To all who sent me links to programs generating packets from snort 
> signatures:  Thanks a bunch.  I've got more than enough programs to 
> start myself off with now.  For those of you with the same question as 
> me, here's a rundown of what I've received:
>
>
>
> Snot: http://www.stolenshoes.net/sniph/index.html
>
> Stick: http://www.eurocompton.net/stick/projects8.html
>        http://www.securityfocus.com/tools/1974
>
> Blade's IDS Informer: http://www.blade-software.com/IDSInformer.htm
>
> FPG: http://www.geschke-online.de/FLoP/
>
> Nemesis: http://nemesis.sourceforge.net/
>
> Sneeze: http://www.securiteam.com/tools/5DP0T0AB5G.html
>
> Mucus: http://www.cs.ucsb.edu/%7Ersg/Mucus/index.html
>
>
>
> Some comments:
> I'm not sure if Blade Software's IDS Informer 30-day trial liscence will 
> allow me to use it for research purposes.  I've contacted them and am 
> waiting for a response.
>
> As for using Nemisis / Nmap, the problem is that I'm looking to generate 
> very large data sets, and crafting each packet with nemesis would take 
> me the rest of my life.  Nmap is a bit too specialized (scanning only).
>
> By the way, I've been trying to download Shmoo Group's Capture the 
> Root-Fu (http://www.shmoo.com/cctf/\) to use for the same purpose, but as 
> of yet I'm unable to download through either the Bittorrent or the Http 
> link.  Does anyone have this packet dump mirrored anywhere?  Or sitting 
> at home collecting dust on a CD?
>
> Once again, thanks for all the help.
>
>               --Graeme
>
> --------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from 
> CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
> to learn more.
> --------------------------------------------------------------------------




--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------