I have a worm that its signature is in .txt file. Now I wanna check it with Snort IDS. I read the the manual page of Snort, But I couldn't find anything. How can I do this?(Is there a command for detecting worms signature using Snort something like snort -r worm.txt -c /etc/snort/snort.conf ?)
Asked
Active
Viewed 554 times
0
Richard
- 69
- 2
- 10
1 Answers
0
Try to send this file with "nc" in your local machine (just an idea)
You will need two terminal and Snort must be listening in you network interface :
The first terminal
nc -l 1234 > filename.out
The first terminal
nc host.example.com 1234 < Worm.txt
abdo
- 16
- 1