IDS mailing list archives
RE: IDS Testing Method
From: Majed Mohammed Ayoub Al-Shodari <majeds () sedcogroup com>
Date: Fri, 23 Jul 2004 00:22:41 +0300
Dear NAVTEJ, As you know there are thousands of the signatures of the NIDS. And it divided to categories. And you should know you cannot test them all, therefore, try to have many signatures from each category and do your test depends on the signature behaviour. If you select the required signatures for your test, please let me know which signatures to provide you by the methodology to test them all. If you need any further info, please don't hesitate to call me or drop me an email. Thank you and best regards -------------------------------------- Majed Mohammed Ayoub Tel. :(966-2) 606-6556 Ext. ( 361 ) Fax :(966-2) 606-1342 Ext. ( 1361 ) Mobile:(966-50) 33-67-69-1 Information Systems Security Administrator Technical Services Section Information Technology Department P. O. Box 4384 Jeddah 21491 Kingdom of Saudi Arabia -----Original Message----- From: M Shirk To: focus-ids () securityfocus com Sent: 7/21/2004 2:17 PM Subject: RE: IDS Testing Method If it is snort, you can use sneeze.pl to generate alerts. Also the common way to test the IDS is to use a vulnerability scanner like Nessus and scan a box, then run TCPDUMP and compare the packet count to make sure you are not dropping packets. If you are speaking of signatures, I usually just create or compile the exploits to make sure I am alerting on the traffic. Shirkdog -----Original Message----- From: tonavtejkohli () hotmail com [mailto:tonavtejkohli () hotmail com] Sent: Tuesday, July 20, 2004 6:48 AM To: focus-ids () securityfocus com Subject: IDS Testing Method Importance: Low Hi Lists, I'm trying to find out ways of testing different IDS systems. Is there any way, recommended'/best practice methodology for testing Network based IDS (NIDS) ? It would be very nice of you if anyone can give me some technical hints. Any information - papers, tools, links and own experience are much appreciated. Hoping for a reply soon from your side. Regards, NAVTEJ KOHLI _________________________________________________________________ Discover the best of the best at MSN Luxury Living. http://lexus.msn.com/ ------------------------------------------------------------------------ -- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ -- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- IDS Testing Method NAVTEJ KOHLI (Jul 20)
- Re: IDS Testing Method Charles Heselton (Jul 22)
- Re: IDS Testing Method michael.li (Jul 26)
- <Possible follow-ups>
- RE: IDS Testing Method M Shirk (Jul 22)
- Re: IDS Testing Method Nigel Houghton (Jul 25)
- Re: IDS Testing Method Andrea Barisani (Jul 25)
- Re: IDS Testing Method Nigel Houghton (Jul 25)
- RE: IDS Testing Method Majed Mohammed Ayoub Al-Shodari (Jul 25)
- Re: IDS Testing Method Ravi Kumar (Jul 26)