IDS mailing list archives
Re: SNORT Testing
From: "Aaron Turner" <synfinatic () gmail com>
Date: Tue, 28 Feb 2006 23:01:14 -0800
On 2/27/06, Byron Sonne <blsonne () rogers com> wrote:
The tools that come to mind for me are 'stick' and 'snot': http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0096.html
Unless someone updated stick & snot to actually send both client & server side of the traffic, it's a bogus test because recent versions of snort (actually for well over a year now) look for a full TCP three way setup. For more info, read the snort faq about stick & snot: http://www.snort.org/docs/faq.html There's a lot of tools available for performance testing and a lot of research on methodologies... I suggest you search the list archives since this topic comes up about once a week. -- Aaron Turner http://synfin.net/ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Re: SNORT Testing Martin Roesch (Mar 01)
- Re: SNORT Testing Eric Hines (Mar 03)
- <Possible follow-ups>
- Re: SNORT Testing Richard Bejtlich (Mar 01)
- Re: SNORT Testing Dirk Geschke (Mar 03)
- Re: SNORT Testing Aaron Turner (Mar 02)
- Re: SNORT Testing Byron Sonne (Mar 02)
- RE: SNORT Testing Terry Vernon (Mar 03)
- Re: SNORT Testing Stefano Zanero (Mar 09)
- RE: SNORT Testing Terry Vernon (Mar 03)