On Thu, 28 Sep 2006 12:38:58 +0530, 6ackpace said: > I am testing RPC functionality in snort
You're *probably* testing 1 of the following 3 things: 1) That Snort detects known exploits it has a fingerprint for. Just letting it watch a wire that has Nessus or Metasploit pumping out exploits will likely test that. 2) That Snort detects things *similar* to things it has a fingerprint for (and additionally, if it false-positives on things it shouldn't). 3) That Snort doesn't itself get blown up by a malicious packet that claims to be an RPC, but which contains malformed code designed to exploit Snort's decoder functions. Knowing what to recommend is dependent on what exactly you're testing....
pgpYGjV4fl52X.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
