Snort mailing list archives

Re: Triggering a complex snort rule (packet forging)
From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 02 Apr 2013 10:36:02 -0500

On 4/2/2013 07:28, Asiri Rathnayake wrote:
> Maybe I should've been more specific, sorry about that. I need to trigger the
> rule from the outside, without depending on the client.

your rule requires an "established" connection so there has to be another end of 
the pipeline... the "server" is one end but where is the data going if there is 
no client involved?

it may be possible, as others have pointed out, to simulate it via constructed 
pcaps, though... not really something i'd want to attempt unless there is a tool 
that can easily generate such a pcap of sufficient size... i'm not aware of one 
but others may be...

my initial gut reaction says the /easiest/ method would be to use a scripted 
client and a remote server...

Snort-sigs mailing list
Snort-sigs () lists sourceforge net
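
The constructed-pcap approach mentioned in the reply, as an added example that is not part of the original thread: it writes a capture containing both ends of a TCP session (handshake, data, ACKs) so a rule that needs an "established" flow can be tested offline. The addresses, ports, sequence numbers, payload, file name and the server-to-client data direction are all assumptions, since the rule itself is not shown in the thread.

```python
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ip4(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))

def frame(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Ethernet/IPv4/TCP frame with valid checksums (MACs are constructed)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    pseudo = ip4(src) + ip4(dst) + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", csum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0x4000,
                     64, 6, 0, ip4(src), ip4(dst))
    ip = ip[:10] + struct.pack("!H", csum(ip)) + ip[12:]
    eth = b"\x02\x00\x00\x00\x00\x02\x02\x00\x00\x00\x00\x01\x08\x00"
    return eth + ip + tcp + payload

def session(client, server, sport, dport, data, mss=1400):
    """Handshake, then server-to-client data with client ACKs (both ends present)."""
    c, s = 1000, 5000  # constructed initial sequence numbers
    pkts = [frame(client, server, sport, dport, c, 0, 0x02),          # SYN
            frame(server, client, dport, sport, s, c + 1, 0x12),      # SYN/ACK
            frame(client, server, sport, dport, c + 1, s + 1, 0x10)]  # ACK
    for off in range(0, len(data), mss):
        chunk = data[off:off + mss]
        pkts.append(frame(server, client, dport, sport, s + 1 + off, c + 1, 0x18, chunk))
        pkts.append(frame(client, server, sport, dport, c + 1, s + 1 + off + len(chunk), 0x10))
    return pkts

def write_pcap(path, frames):
    """Classic little-endian pcap, link type 1 (Ethernet)."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for i, fr in enumerate(frames):
            f.write(struct.pack("<IIII", 1, i * 1000, len(fr), len(fr)) + fr)
    return len(frames)

if __name__ == "__main__":
    # 192.0.2.0/24 is documentation space; payload is a constructed placeholder.
    n = write_pcap("established.pcap",
                   session("192.0.2.10", "192.0.2.20", 40000, 80, b"A" * 3000))
    print(n, "frames written")
```

The resulting file can be read back with Snort's `-r` option against the rule under test; replace the placeholder payload with content the rule is meant to match.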
