[Oisf-users] evasion techniques test scenario
Leonard Jacobs
ljacobs at netsecuris.com
Wed Jun 19 10:23:05 UTC 2013
I believe drop.log only is used when doing nfq method to do IPS. Af-packet IPS mode should be placing a drop flag in the fast.log file.
From: oisf-users-bounces at openinfosecfoundation.org [mailto:oisf-users-bounces at openinfosecfoundation.org] On Behalf Of mouna amani
Sent: Tuesday, June 18, 2013 1:35 PM
To: oisf-users at openinfosecfoundation.org; oisf-users-bounces at openinfosecfoundation.org
Subject: [Oisf-users] evasion techniques test scenario
I am using evader to test evasion techniques.
Therefore I am using Suricata as an IPS.
First I wanted to test Suricata with alert rules.
But when running multiple evasions no alert is there. My fast.log is not even created.
Then I changed all the rules to drop and drop.log is also empty.
Is my IPS working fine?
Do you have any testing scenario to test if my IPS is working fine (with BackTrack maybe)?
--
Amani smiai