Re: [Fwsnort-discuss] Fwsnort
From: Michael R. <mb...@ci...> - 2017-02-08 02:14:24
On Tue, Feb 7, 2017 at 2:54 PM, Gokan Atmaca <lin...@gm...> wrote:

> Hello
>
> I use it on Debian. I am doing DOS attack as below. But he does not stop
> at all.
>
> # hping3 -c 100 -d 120 -S -w 64 -p 21 --flood --rand-source 192.168.122.225
>

The main reason for using fwsnort is to translate Snort rules into iptables rules, and the bulk of Snort rules look for application layer attacks. Such attacks - which can sometimes result in full remote code execution - are typically more interesting than DOS attacks. A DOS attack isn't going to result in a compromised system under the control of an attacker. If you are looking for DOS protection, then fwsnort is not the best tool for this.

--Mike

>
> Thanks.
>
> On Tue, Feb 7, 2017 at 5:31 PM, Michael Rash <mic...@gm...> wrote:
> >
> > On Tue, Feb 7, 2017 at 9:04 AM, Gokan Atmaca <lin...@gm...> wrote:
> >>
> >> Thanks...
> >>
> >> On Tue, Feb 7, 2017 at 4:13 PM, Alex Woehr <ale...@3f...> wrote:
> >> > Gokan, if you purchase the book by Michael Rash "Linux Firewalls," it
> >> > discusses how to test individual rules. Of course, you cannot test all
> >> > 18,000 rules at once, but testing a couple of them could be good.
> >> >
> >> > I would select an easy to test rule from the list.
> >
> > Yes, indeed this would work. Since the book was published, the fwsnort
> > project also supports the --include-perl-triggers command line option.
> > While it is a bit tricky to work with, it can provide a path for effective
> > testing. From the man page:
> >
> >   --include-perl-triggers
> >       Include 'perl -e print ... ' commands as comments in the
> >       fwsnort.sh script. These commands allow payloads that are
> >       designed to trigger snort rules to easily be built, and when
> >       combined with netcat (or other software that can send bytes
> >       over the wire) it becomes possible to test whether an fwsnort
> >       policy appropriately triggers on matching traffic.
> >
> > Thanks,
> >
> > --Mike
> >
> >> >
> >> > Thanks,
> >> > Alex
> >
> > ------------------------------------------------------------------------------
> > Check out the vibrant tech community on one of the world's most
> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> > _______________________________________________
> > Fwsnort-discuss mailing list
> > Fws...@li...
> > https://lists.sourceforge.net/lists/listinfo/fwsnort-discuss

--
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
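Added example, not part of the original message and not fwsnort's own code: a sketch of the idea behind the trigger commands quoted from the man page, decoding a Snort rule's `content` patterns into the bytes a matching test payload needs. The rule is constructed, the function names are hypothetical, the printed perl command format is an assumption (the page does not show fwsnort's exact comment format), and positional modifiers (offset, depth, distance, within) and pcre are ignored.

```python
import re

# Constructed sample rule for illustration; not taken from any real rule set.
SAMPLE_RULE = (
    'alert tcp any any -> any 21 (msg:"constructed FTP test rule"; '
    'content:"USER "; content:"|0d 0a|root\\;x"; content:!"anonymous"; sid:1000001;)'
)

# Captures an optional "!" (negation) and the quoted pattern of each content option.
CONTENT_RE = re.compile(r'(?<![a-z])content:\s*(!?)\s*"((?:\\.|[^"\\])*)"')

def decode_content(pattern):
    """Decode one Snort content string: |..| spans are hex, a backslash escapes the next char."""
    out, hexbuf, in_hex, i = bytearray(), "", False, 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "|":                      # toggle hex mode, flushing collected digits
            if in_hex:
                out += bytes.fromhex(hexbuf)
                hexbuf = ""
            in_hex = not in_hex
        elif in_hex:
            hexbuf += ch
        elif ch == "\\" and i + 1 < len(pattern):
            i += 1                         # escaped literal such as \; or \"
            out += pattern[i].encode("latin-1")
        else:
            out += ch.encode("latin-1")
        i += 1
    if in_hex:
        raise ValueError("unterminated hex block in content pattern")
    return bytes(out)

def build_trigger(rule):
    """Concatenate the rule's positive content matches in rule order; negated ones are skipped."""
    parts = [decode_content(p) for neg, p in CONTENT_RE.findall(rule) if not neg]
    if not parts:
        raise ValueError("rule has no positive content match")
    return b"".join(parts)

def perl_one_liner(payload):
    """Render the payload as a perl print command with every byte hex-escaped."""
    return "perl -e 'print \"" + "".join(f"\\x{b:02x}" for b in payload) + "\"'"

if __name__ == "__main__":
    print(perl_one_liner(build_trigger(SAMPLE_RULE)))
```

The printed command can be piped into netcat against a lab host running the policy, as the man page excerpt describes.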