“How do I test Snort?” is one of the most popular questions asked on the snort-users mailing list. While a seemingly simple question, the answer depends on your intent. Value-added resellers (VARs) and systems integrators (SIs) may need to provide customers with validation that the network intrusion detection system (IDS) is working as expected. This edition of Snort Report explains what it means to test Snort. I reveal some common misperceptions and offer alternatives to satisfy the majority of readers. A stateless approach for triggering Snort alerts is to generate traffic that should trigger Snort rules, but doesn’t rely on parsing Snort rule sets. IDSWakeup is a stateless packet generation tool. The following shows how IDSWakeup performs against Snort 2.6.1.5. I used the Debian package net/idswakeup on Ubuntu Linux against a FreeBSD sensor running Snort 2.6.1.5 and Sguil 0.6.1.
Browsing Posts published on August 17, 2007
If you’re a Fedora user the end of May means one thing…time for a new release! This year was no different as the Fedora project continued its aggressive six month release schedule. Fedora 7, code named “Moonshine”, is the latest version of the Red Hat influenced Linux distribution. Fedora regulars will note the absence of the word “Core” in the new name. This isn’t the only change with this release. We’ll delve into what’s new in 7 as well as review Fedora from a desktop standpoint.
Xen or VMWare? What’s your choice?:
Two days after VMWare had one of the most successful IPOs on recent years, and one day after XenSource announces that it is being acquired by Citrix. Money is flowing into the two major virtualization players at a rate we haven’t yet seen, what are your feelings about using Xen or VMWare on Linux?
Russia’s Bomber Force Resumes Long-Range Patrolling:
Russia’s strategic bombers have not ranged far from home since the collapse of the Soviet Union. But Vladimir Putin orders the resumption of long-range missions, mostly to give the American flyboys something to think about.
