IDS mailing list archives
Re: IDS Testing tool
From: ADT <synfinatic () gmail com>
Date: Tue, 15 Jun 2004 11:22:18 -0700
On Mon, 14 Jun 2004 14:00:21 -0700, Tom Arseneault <tarseneault () counterpane com> wrote:
> I've heard this argument before and while the reasoning sounds solid I've never seen anyone quote examples. Has anyone done the research to support this? If so, and it's not under NDA, could they post a link to a white paper?

I haven't seen any papers or done any formal research. Mostly just been personal experience which is likely to be biased.
If, as I suspect, the argument is valid and "vulnerability scanner" does not equal "IDS tester" the question then comes to would it be possible to write NASL scripts that could validly test an IDS? Is the issue with the way the current NASL scripts are written or is it something more fundamental? I dabble but I'm not trained as a programmer so the subtle stuff escapes me. One thing I do know is that these would have to be a special class of scripts with big red warnings "Do not live systems, your job may crash".
Yes, NASL (or CASL) can be used to write scripts which could test an IDS. However, you'd have to have a properly configured target system running the services to "attack" for it to work. Tools like tcpreplay and IDS Informer can test an IDS w/o a target system.

As for the "Don't test live systems, your job/server may crash.". Yes this can happen. Some software is written very poorly and sometimes the vulnerability test is similar enough to the actual exploit to cause it to crash. Of course, some of it is also a CYA so that you don't go sue them when you bring down your network b/c you weren't sufficiently warned.

[snip cost/benefit analysis on IDS Informer]

Honestly I don't know what it costs (I don't work for them, nor have I ever used their product). I'm sure they'd be happy to give you a quote and provide you all sorts of marketing material to help convince your boss(es) though. :)

-Aaron