[Oisf-users] evasion techniques test scenario

Leonard Jacobs ljacobs at netsecuris.com
Wed Jun 19 10:23:05 UTC 2013


I believe drop.log is only used when doing the nfq method to do IPS. AF-packet IPS mode should be placing a drop flag in the fast.log file.
 
From: oisf-users-bounces at openinfosecfoundation.org [mailto:oisf-users-bounces at openinfosecfoundation.org] On Behalf Of mouna amani
Sent: Tuesday, June 18, 2013 1:35 PM
To: oisf-users at openinfosecfoundation.org; oisf-users-bounces at openinfosecfoundation.org
Subject: [Oisf-users] evasion techniques test scenario
 
I am using evader to test evasion techniques.
Therefore I am using suricata as an IPS.
First I wanted to test suricata with alert rules.
But when running multiple evasions no alert is there. My fast.log is not even created.
 
Then I changed all the rules to drop and drop.log is also empty.
Is my IPS working fine?
 
Do you have any testing scenario to test if my IPS is working fine (with BackTrack maybe)?
 
 
-- 
Amani smiai