Hosting Provided By

RE: Snort test logs available?

From: Chris Petersen <chris(at)security-conscious.com>
Date: Sun Apr 27 2003 - 10:06:42 EDT

You can also find network data containing attacks at http://www.ll.mit.edu/IST/ideval/data/data_index.html. This was a project done by MIT/DARPA. There are weeks worth of data from 98/99 generated in a "real-world" setting. These are also tcpdump files.

Whether you use these or the ones from SANS you will want to run snort in replay mode using the -r switch. This will run Snort against the TCPDump file and generate Snort alerts/logs.

snort -c /etc/snort/snort.conf -r /data/mit_data/wk1day1_tcpdump

Good luck.

Chris Petersen
Security Conscious, Inc.
www.security-conscious.com

> -----Original Message-----
> From: Bill Royds [mailto:Bill@royds.net]
> Sent: Saturday, April 26, 2003 2:12 PM
> To: Shwaine; focus-ids@securityfocus.com
> Subject: Re: Snort test logs available?
>
>
> SANS has a repository of Snort logs for use in the GCIA

INTRUSION PREVENTION: READY FOR PRIME TIME? IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities - including intrusion identification, relevancy, direction, impact and analysis - enabling a path to prevention.

Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at: http://www.securityfocus.com/IntruVert-focus-ids Received on Mon Apr 28 10:18:35 2003

This message: [ Message body ]
Next message: Pete Herzog: "RE: FW: Honeytokens and detection"
Previous message: Chris Petersen: "RE: ISS and Snort logs"
In reply to Bill Royds: "Re: Snort test logs available?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:11 EDT

Do you need help?