Snort mailing list archives
Re: Generating packets from Snort 3 rules
From: Stephen Reese via Snort-sigs <snort-sigs () lists snort org>
Date: Tue, 26 Jul 2022 07:07:49 -0400
Joel,

Which tools are used? More importantly, I would be interested to know if the pcaps are available for research purposes? This would be to load the pcaps into Scapy to modify packets' payloads based on the research criteria.

Thanks,
Stephen

On Mon, Jul 18, 2022 at 9:38 AM Joel Esler <joel.esler () me com> wrote:

> Is there a tool used at Talos to generate packets?
>
> Yes. Various open source tools are used to wrap things like text and single packets into full session packets, but overwhelmingly (like 99x out of 100) the packets that are being used to write and test the rules are *actual* attack packets against an actual host. Sometimes this means detonating malware in order to generate the traffic, sometimes this means writing an exploit to generate the traffic, but a pcap exists for every single rule written.