Score:0

Sending a malicious package as a test to test Suricata alerts

I have a reverse proxy that proxies HTTP/HTTPS traffic between web servers and I have set up Suricata in order to find and block malicious traffic to it.

Is there any way to trigger an alert via a curl request? Does the EICAR test work?

I have done some googling but I could not find something straightforward in order to trigger Suricata with curl.

Score:1

http://testmynids.org/uid/index.html or http://www.testmyids.ca/ can be used to test; it will raise an "Attempted Information Leak".

For the reverse proxy, you can create an HTML file with the content "uid=0(root) gid=0(root) groups=0(root)" on the web server 'http://webserver1/test_ids.html', then you can use curl to download it.

This is indeed helpful, but it seems like this is more for an outgoing proxy (such as squid), and not a reverse proxy. I have made my question more clear regarding this.
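
Once the test page from the answer has been fetched through the reverse proxy with curl, a check like the following reads Suricata's EVE JSON log and reports whether that request raised an alert and whether it was only alerted on or actually blocked. This is an added example, not part of the original answer; the sample log lines, signature names and sids in it are constructed, and the log file to read is passed as an argument (commonly `/var/log/suricata/eve.json`).

```python
import json
import sys

TEST_PATH = "/test_ids.html"  # file name used in the answer above

def alerts_for_path(eve_lines, url_path):
    """Return (signature, category, action) for every alert raised on url_path."""
    hits = []
    for line in eve_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank line or a record Suricata is still writing
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue
        if event.get("http", {}).get("url") != url_path:
            continue
        alert = event.get("alert", {})
        hits.append((alert.get("signature"), alert.get("category"), alert.get("action")))
    return hits

def verdict(hits):
    """'no-alert', 'alert-only' (IDS mode or alert rule) or 'blocked' (IPS drop)."""
    if not hits:
        return "no-alert"
    return "blocked" if any(action == "blocked" for _, _, action in hits) else "alert-only"

def _event(event_type, url, **alert):
    # Helper that builds one constructed EVE-shaped record as a JSON line.
    record = {"event_type": event_type, "src_ip": "192.0.2.10",
              "dest_ip": "198.51.100.5", "http": {"url": url, "status": 200}}
    if alert:
        record["alert"] = alert
    return json.dumps(record)

# Constructed sample lines, not real Suricata output; signatures and sids are made up.
SAMPLE_EVE = [
    _event("http", TEST_PATH),
    _event("alert", "/other.html", signature="CONSTRUCTED other rule",
           signature_id=1000002, category="Misc activity", action="allowed"),
    _event("alert", TEST_PATH, signature="CONSTRUCTED uid=0 root response",
           signature_id=1000001, category="Attempted Information Leak", action="allowed"),
    '{"event_type": "alert", "http": {"url": "/test_i',  # truncated last line
]

if __name__ == "__main__":
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_EVE
    found = alerts_for_path(lines, TEST_PATH)
    print(verdict(found), found)
```

A result of `alert-only` means the rule matched but the traffic was let through, which is what to expect until Suricata runs inline with drop rules. If an HTTPS request gives `no-alert`, check that Suricata sees the traffic after TLS termination, since it cannot match content inside the encrypted stream.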