IDS mailing list archives
Re: False Positives
From: Tobias Klein <tobias.klein () ewetel de>
Date: Thu, 05 Jun 2003 11:34:03 +0200
here are a few tools to test your ids ruleset

http://www.packetstormsecurity.nl/distributed/stick.tgz
http://securityfocus.com/data/tools/stick.tgz
http://www.whitehats.com/cgi/tools/BrowseTree?field=Category&separator=:&recurse=1&order=&value=Assessment%3aIDS%20Testing%20and%20Evasion
ftp://ftp.st.ryukoku.ac.jp/pub/security/tool/snot/
http://www.robertgraham.com/tmp/sidestep.html
http://adam.kaist.ac.kr/~bugsy/mendax.html
http://www.hsc.fr/ressources/outils/idswakeup/
http://packetstorm.widexs.nl/UNIX/IDS/nidsbench/nidsbench.html

think that will help you

--
newroot

At 16:13 03.06.2003 +0000, Andi Hess wrote:
Hi there,

I am new in the field of NIDS and I wonder if the problem of false positives is really as huge as mentioned in several publications. I am considering tools like PCP, Stick (I have never seen them, but read about them) which can be used to generate a huge amount of packets, and each one triggers an alarm on the victim IDS (a false positive, as the packets are not a real attack).

As it has been impossible for me to find any of the above mentioned packet generators - I wonder what the packets look like? Is it possible to differentiate 'artificially' generated false positives from natural ones?

Any hint is welcome! Thank you.

A.

-------------------------------------------------------------------------------
INTRUSION PREVENTION: READY FOR PRIME TIME?
IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities - including intrusion identification, relevancy, direction, impact and analysis - enabling a path to prevention.
Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at: http://www.securityfocus.com/IntruVert-focus-ids2
-------------------------------------------------------------------------------
Current thread:
- False Positives Andi Hess (Jun 03)
- RE: False Positives Harshul Nayak (ealcatraz) (Jun 04)
- Re: False Positives Tobias Klein (Jun 05)
- <Possible follow-ups>
- Re: False Positives MARTIN M. Bénoni (Jun 04)
- RE: False Positives Steven Richards (Jun 04)
- RE: False Positives Fergus Brooks (Jun 04)
- RE: False Positives Dudley, Brian (ISS Chicago) (Jun 05)