Full Disclosure mailing list archives
Re: any tools for testing RPC
From: Valdis.Kletnieks () vt edu
Date: Thu, 28 Sep 2006 10:18:30 -0400
On Thu, 28 Sep 2006 12:38:58 +0530, 6ackpace said:
I am testing RPC functionality in snort
You're *probably* testing 1 of the following 3 things: 1) That Snort detects known exploits it has a fingerprint for. Just letting it watch a wire that has Nessus or Metasploit pumping out exploits will likely test that. 2) That Snort detects things *similar* to things it has a fingerprint for (and additionally, if it false-positives on things it shouldn't). 3) That Snort doesn't itself get blown up by a malicious packet that claims to be an RPC, but which contains malformed code designed to exploit Snort's decoder functions. Knowing what to recommend is dependent on what exactly you're testing....
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- any tools for testing RPC 6ackpace (Sep 28)
- Re: any tools for testing RPC Edward Pearson (Sep 28)
- Re: any tools for testing RPC Valdis . Kletnieks (Sep 28)