PS: Kindly, excuse my ignorance. 

Snot is one tool that I just read about; it simulates DoS for testing 
Snort signatures. I was unable to download Snot from the GeoCities link given in 
the SecurityFocus tools listing.


My question is:

Case 1:

Are there any tools that take in the Snort rules or some other rule sets, 
identify the traffic direction, ports etc., and then generate a payload that 
simulates the content/uricontent along with all the conditions that might 
satisfy a signature listed in the particular IDS/IPS, to test if it is enabled 
or disabled, based on how it triggers?


Case 2:

If case one already exists, has anyone written something that does not just 
find whether a signature triggers for one particular case, but also finds the 
boundary conditions for the combinations in a single signature (within pcre, 
combination of pcre and content, and all other possible combinations)? In other 
words, test for various possibilities.


Case 3: 

If both case 1 and case 2 exist, can this be used to combine more than one 
signature in your rule set into one effective signature?


I am preparing for some exam and I was reading up on Snot. I just got these 
questions in my mind incidentally. Thank you for your time :-)


Kind Regards,

Shyaam


PS: Kindly, excuse my ignorance.



