Snort mailing list archives
Re: false positive generator
From: Ravi <ravivsn () roc co in>
Date: Wed, 11 Feb 2004 10:04:04 +0530
Hi Matt and All,

I ran Nessus on Snort including NIDS evasion techniques, and I did get so many alerts; I don't think all of them are false positives. Most of them fall under the category of Bad traffic and a few are the exploits. I wonder how you ran Nessus on the victim machine. Is the Hydra plugin working with Nessus? I would also like to know how you enabled the NIDS evasion techniques of Nikto with Nessus. Just trying to clarify that what I did is correct. :)

About the false positive generator, I developed a tool at home which generated a lot of false positives in snort. I would like to release it next month after I complete writing a good make file and other docs.

Cheers,
-Ravi
Rendezvous On Chip (I) Pvt Ltd
http://www.rocsys.com

Matt Kettler wrote:
> At 01:39 PM 2/10/2004, Peggy Kam wrote:
> > I am currently using snort-2.1.1-RC1 and am trying to use sneeze to generate some false positives. However, it does not seem to work at all (as mentioned previously). Does anyone know if there's another false positive generator out there?
>
> Well, if anyone knows something that's a false positive, let the snort developers know so they can fix it ASAP.
>
> Are you really trying to generate _false_ positives, or just generate alerts? Not all alerts require an actual overflow to occur.
>
> A nessus safe-mode scan should fire off at least a few alerts, although I'll admit I haven't tried it recently.
>
> -------------------------------------------------------
> The SF.Net email is sponsored by EclipseCon 2004
> Premiere Conference on Open Tools Development and Integration
> See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
> http://www.eclipsecon.org/osdn
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
