
Snort Forums Archive


good packets?


Posted by dazzahome on October 20, 2005 05:22:43

Would it be possible to use a snort rules file, to be able to feed a bad packet into the “web page”, have this packet fire off to a rules database and discover whether snort detects this packet? Could this be used to attempt to evade snort rules? Would it then be possible to take a good packet and do the same process but at the same time, have the user update the database with details of a good packet.

The reason being, would it be possible to use snort to create a database (not capture the whole packet) of what good packets are doing. My reasoning is to be able to see when abnormal traffic patterns start to occur before a rule is triggered. I guess it would be a snort, but for good packets with the rules associated with them. But with the web page addition to be able to add comments to good packets for individual networks. Like we do for bad packets, but this way we could do traffic pattern analysis. I guess I’m just throwing it out there to see what people think? I’m not a hardcore programmer, I’m just brain dumping this to see reactions, I know I’m rambling… probably had too much coffee.
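Added example, not code from the thread or from the Snort project: a Python sketch of the two halves of the idea above. It parses a restricted subset of Snort rule syntax (header plus msg/content/sid options only), runs a packet summary through those rules, and when nothing fires folds the packet into a baseline of "good" traffic that stores per-service counts and an analyst comment rather than the whole packet, so a later packet to a service the baseline has rarely seen is flagged even though no signature matched. The rule text, the packets, the local sids and the `min_seen` threshold are all constructed for the example; real Snort content modifiers, flow keywords and pcre are not modelled.

```python
import re
from collections import defaultdict

# Constructed rules in a restricted subset of Snort syntax: a header line plus
# msg/content/sid options only. The sids in the local range are placeholders.
RULES_TEXT = """
# web server: request for cmd.exe
alert tcp any any -> any 80 (msg:"WEB cmd.exe in URI"; content:"cmd.exe"; sid:1000001;)
# ftp: SITE EXEC command (both content strings must be present)
alert tcp any any -> any 21 (msg:"FTP SITE EXEC"; content:"SITE"; content:"EXEC"; sid:1000002;)
"""

HEADER_RE = re.compile(
    r'^(alert|log|pass)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$')
OPTION_RE = re.compile(r'(\w+)\s*:\s*("(?:[^"\\]|\\.)*"|[^;]*);')


def content_bytes(text):
    """Turn a Snort content string into bytes: |..| segments are hex, the rest literal."""
    out = b""
    for i, part in enumerate(text.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode()
    return out


def parse_rules(text):
    """Parse the restricted rule syntax above into dicts; unsupported lines raise."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = HEADER_RE.match(line)
        if not m:
            raise ValueError(f"unsupported rule syntax: {line}")
        action, proto, _src, _sport, _dst, dport, opts = m.groups()
        rule = {"action": action, "proto": proto,
                "dport": None if dport == "any" else int(dport),
                "msg": "", "contents": [], "sid": None}
        for key, value in OPTION_RE.findall(opts):
            value = value.strip().strip('"')
            if key == "content":
                rule["contents"].append(content_bytes(value))
            elif key == "msg":
                rule["msg"] = value
            elif key == "sid":
                rule["sid"] = int(value)
        rules.append(rule)
    return rules


def matching_sids(rules, pkt):
    """sids of rules whose protocol, destination port and every content string match.
    Each content is searched over the whole payload (no distance/within modelling)."""
    return [r["sid"] for r in rules
            if r["proto"] == pkt["proto"]
            and (r["dport"] is None or r["dport"] == pkt["dport"])
            and all(c in pkt["payload"] for c in r["contents"])]


class GoodTrafficBaseline:
    """The 'database of good packets': per (proto, dport) counts for packets that
    fired no rule, plus an analyst comment per service, never the full payload."""

    def __init__(self):
        self.seen = defaultdict(int)
        self.comments = {}

    def learn(self, pkt, comment=None):
        key = (pkt["proto"], pkt["dport"])
        self.seen[key] += 1
        if comment:
            self.comments[key] = comment

    def is_unusual(self, pkt, min_seen=3):
        # A service the baseline has rarely or never seen is worth a look even
        # though no signature matched; min_seen is a constructed threshold.
        return self.seen.get((pkt["proto"], pkt["dport"]), 0) < min_seen


def process(rules, baseline, pkt, learning=False, comment=None):
    """Signature check first; if clean, compare with (and optionally add to) the baseline."""
    sids = matching_sids(rules, pkt)
    if sids:
        return {"sids": sids, "unusual": False}
    unusual = baseline.is_unusual(pkt)
    if learning:
        baseline.learn(pkt, comment)
    return {"sids": [], "unusual": unusual}


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    base = GoodTrafficBaseline()
    # Constructed packet summaries: only the fields the matcher and baseline need.
    web = {"proto": "tcp", "dport": 80, "payload": b"GET /index.html HTTP/1.0\r\n"}
    for _ in range(3):
        process(rules, base, web, learning=True, comment="normal intranet web browsing")
    print(process(rules, base, {"proto": "tcp", "dport": 80,
                                 "payload": b"GET /scripts/cmd.exe HTTP/1.0\r\n"}))
    print(process(rules, base, {"proto": "udp", "dport": 69, "payload": b""}))
```

The baseline deliberately keeps counts and a comment per (protocol, port) rather than payloads, which is the "not capture the whole packet" constraint from the post; the comment slot is where a per-network annotation such as "normal intranet web browsing" would live.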

Posted by mwatchinski on November 02, 2005 12:58:41

Not sure I understand what you're trying to do.

Could you post an example of how this would work and the results you would be looking for?