Snort mailing list archives
Re: Triggering a complex snort rule (packet forging)
From: Jamie Riden <jamie.riden () gmail com>
Date: Tue, 2 Apr 2013 13:31:47 +0100
You could look at grabbing a real packet and using tcpreplay maybe?

On 2 April 2013 13:28, Asiri Rathnayake <asiri.rathnayake () gmail com> wrote:

> Hi Jamie,
>
> Thank you for the quick response!
>
>> Wouldn't the easiest way be to set up a page on a remote webserver which
>> matches the signature (content:"") ? Then you could hit download as much
>> as you like, and you should get an alert.
>
> For testing the rule repeatedly, yes, this would work. However, this
> involves the client (hitting download). What I'm interested in is if I
> could simply send packets from outside and trigger the rule (without
> having the client to do anything). This is why I was looking into packet
> forging, sort of like trying to emulate return traffic from the server
> (matching the signature of the rule).
>
> Maybe I should've been more specific, sorry about that. I need to trigger
> the rule from the outside, without depending on the client.
>
> Many thanks.
>
> - Asiri
>
>> thanks,
>> Jamie
>>
>> --
>> Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
>> http://uk.linkedin.com/in/jamieriden

--
Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
http://uk.linkedin.com/in/jamieriden
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!