Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Testing My Snort DIDS

From: twig les <twigles () yahoo com>
Date: Fri, 10 Oct 2003 15:24:26 -0700 (PDT)
I just sent my IDS test plan to the list (Monday I think) but no
one said anything so I'm not sure if the attachment got
bit-bucketed (or just a collective *yawn*).  Basically if you
can scrounge up a similar box and do an exact same configuration
but leave the test box inside of a secure LAN it helps
tremendously.  Then just setup a box to slap around (throw up a
web server, ftp, finger, whatever) and an attack box (laptop
running *nix for tools).  You won't be able to test every rule
so pick 20 or so at random (or semi-random, MS shop skips SunRPC
rules...).  Or pick 50....  Lemme know if you want that excel I
drew up and I'll mail it offlist.

--- Aaron Babalola <roniebabs () yahoo com> wrote:

I have tested my Snort IDS with Nessus, it is clear that it is
working, but is there any means to test other signature since
Nessus does not have all of the signatures. 
 
I will also appreciate any suggestion from any Professor about
evaluating an ids for a thesis. I implemented the design of
Steven Scot for Enterprise Intrusion detection system with
some modifiction to suit my needs and requirement. I have
tested the IDS against some signature, but i need to present
the test to my supervisor who doesn't seem to have a clue of
whats going on in IDS(
http://www.superhac.com/docs/snort_enterprise.pdf) I will
appreciate any assistance from anyone out there
Aaron


---------------------------------
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search



=====
-----------------------------------------------------------
Get a taste of Religion ... eat a priest!       
-----------------------------------------------------------

__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: