Orphans

Asked: 2021-07-08 02:24:02 +0800 CST2021-07-08 02:24:02 +0800 CST 2021-07-08 02:24:02 +0800 CST

Sending a malicious package as a test to test Suricata alerts

I have a reverseproxy that proxies HTTP/HTTPS traffic between webbservers and I have set up Suricata in order to find and block malicious traffic to it.

Is there any way to trigger a alert via a CURL-request? Does the EICAR-test work?

I have done some googling but I could not find something straight-forward in order to trigger Suricata with curl.

1 Answers

Voted

St0rm
2021-07-08T03:12:17+08:002021-07-08T03:12:17+08:00
http://testmynids.org/uid/index.html or http://www.testmyids.ca/ can be used to test, it will raise an "Attempted Information Leak".

For the reverse proxy, you can create an HTML file with the content "uid=0(root) gid=0(root) groups=0(root)" on the web server 'http://webserver1/test_ids.html' then you can use curl to download it.
1

Sending a malicious package as a test to test Suricata alerts

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?