Snort mailing list archives

Help would be appreciated!
From: Charlie Egan <chas5873 () gmail com>
Date: Thu, 12 Jun 2014 19:02:15 +0100

Hi guys,

I've been playing around with Snort for a while now as a little project of
mine, and I'm doing my best to get the hang of writing rules for it. I'm
becoming more familiar with how signatures are made, and I'd like to begin
writing rules which aren't currently detected by Snort, even if they're
fairly simple ones.

Currently I'm using Snort as a sniffer on a Kali Linux VM, Metasploit on
another Kali Linux VM, and Windows 2000 & XP as victim machines. I've been
looking for exploits on sites such as Exploit-DB and 1337day, and I'm
trying to start with plain-text protocols such as FTP and HTTP to make
writing the rules slightly easier for me (using basic regular expressions
and such).

If anybody could help me out it would be much appreciated. I've been trying
to get my head around writing a rule that's not currently detected for a
while now, and I'm not having much luck.

I'm not familiar with how these mailing lists work either, so apologies if
this isn't the sort of thing I should be posting. I've looked quite
thoroughly for forums dedicated to Snort, and was hoping to find some good
ones, especially with sections for beginners, although I haven't had any luck
as of yet.

Thanks for any help,

Charlie
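As an added illustration (not part of the original post or a Snort-distributed rule), this is the shape a beginner's rule for a plain-text protocol typically takes: a length-anomaly check on the FTP USER command, built from the header, a flow constraint, a fast content match and a pcre, as the post describes. It is a constructed, generic anomaly rule, not a signature for any specific exploit; the 100-byte threshold and sid 1000001 (in the range reserved for locally written rules) are assumptions to adjust.

```snort
# Constructed example, not from the original post. Alerts on an FTP USER
# command whose argument is 100 or more bytes: a generic length-anomaly
# check, not a signature for any particular exploit.
# - $EXTERNAL_NET/$HOME_NET and port 21 come from the standard snort.conf variables
# - flow:to_server,established limits matching to client->server on established sessions
# - content:"USER " with depth:5 is the cheap anchor; pcre only runs after it matches
# - sid:1000001 is in the local-rule range (1000000+); rev:1 is the first revision
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"LOCAL FTP USER command with oversized argument"; flow:to_server,established; content:"USER "; nocase; depth:5; pcre:"/^USER\s[^\r\n]{100,}/i"; classtype:attempted-admin; sid:1000001; rev:1;)
```

Put the rule in local.rules (snort.conf includes it via `include $RULE_PATH/local.rules`) and test it offline against a capture of your own lab traffic with `snort -c /etc/snort/snort.conf -r sample.pcap -A console` before running it live. An `isdataat:100,relative;` check after the content match is a cheaper alternative to the pcre for a pure length test; pcre earns its keep when the anomaly is a pattern rather than a size. Expect to tune the threshold: legitimately long usernames on your network are the main false-positive source for a rule like this.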
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
