IDS mailing list archives

Re: Testing IDS/IPS Signatures


From: Andrea Barisani <lcars () infis univ trieste it>
Date: Fri, 28 May 2004 17:56:13 +0200

On Thu, May 27, 2004 at 06:30:44PM -0800, Securecatalyst wrote:
> Hi All,
>
> I want to learn if anyone knows any particular tool or product to test and
> validate IDS/IPS rules and signatures?
>
> I know Snot / Stick / Mucus-1 can do a good job; however, they cannot test
> the signatures when the IDS/IPS does stateful inspection. They simply
> import the SNORT signatures into packets and inject them into the NW to test
> the rules. However, they do not establish a TCP 3-way handshake, and stateful
> engines (specifically for TCP, not UDP/ICMP) simply ignore them.

Hi, you can take a look at FTester:

http://ftester.sourceforge.net


--
------------------------------------------------------------
INFIS Network Administrator & Security Officer         .*. 
Department of Physics       - University of Trieste     V 
lcars () infis univ trieste it - GPG Key 0x864C9B9E      (   )
----------------------------------------------------  (   )
"How would you know I'm mad?" said Alice.             ^^-^^
"You must be,'said the Cat,'or you wouldn't have come here."
------------------------------------------------------------
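
Added illustration, not part of the original messages and not code from any tool named in the thread: a minimal Python model of the behaviour described in the quoted question, where a per-packet matcher alerts on an injected packet but a stateful matcher only inspects flows whose 3-way handshake it has seen. The packet tuples, addresses and pattern are constructed, and sequence-number tracking is omitted.

```python
from collections import namedtuple

# Constructed packet model: TCP flags as a string ("S", "SA", "A", "PA", "R", "F").
Pkt = namedtuple("Pkt", "src sport dst dport flags payload")

# Constructed placeholder pattern, standing in for a rule's content match.
PATTERNS = [b"EXAMPLE-RULE-CONTENT"]

def match(pkt, patterns):
    return [p for p in patterns if p in pkt.payload]

def stateless_alerts(packets, patterns=PATTERNS):
    """Per-packet matching: every packet carrying the content alerts."""
    return [(i, p) for i, pkt in enumerate(packets) for p in match(pkt, patterns)]

def stateful_alerts(packets, patterns=PATTERNS):
    """Match only on flows whose 3-way handshake was observed."""
    flows = {}   # direction-independent flow key -> (state, client endpoint)
    alerts = []
    for i, pkt in enumerate(packets):
        a, b = (pkt.src, pkt.sport), (pkt.dst, pkt.dport)
        key = (a, b) if a <= b else (b, a)
        state, client = flows.get(key, (None, None))
        if pkt.flags == "S":
            flows[key] = ("SYN_SEEN", a)
        elif pkt.flags == "SA" and state == "SYN_SEEN" and b == client:
            flows[key] = ("SYNACK_SEEN", client)
        elif pkt.flags == "A" and state == "SYNACK_SEEN" and a == client:
            flows[key] = ("ESTABLISHED", client)
        elif "R" in pkt.flags or "F" in pkt.flags:
            flows.pop(key, None)
        elif state == "ESTABLISHED":
            alerts += [(i, p) for p in match(pkt, patterns)]
        # Anything else (data with no tracked session) is never inspected.
    return alerts

C, S = "192.0.2.10", "198.51.100.5"   # documentation-range addresses
SAMPLE = [
    Pkt(C, 40000, S, 80, "PA", b"GET /EXAMPLE-RULE-CONTENT"),  # no handshake
    Pkt(C, 40001, S, 80, "S", b""),
    Pkt(S, 80, C, 40001, "SA", b""),
    Pkt(C, 40001, S, 80, "A", b""),
    Pkt(C, 40001, S, 80, "PA", b"GET /EXAMPLE-RULE-CONTENT"),  # established flow
]

if __name__ == "__main__":
    print("stateless:", stateless_alerts(SAMPLE))
    print("stateful: ", stateful_alerts(SAMPLE))
```

A rule test that only replays single packets exercises the first function's behaviour; validating a stateful engine needs traffic shaped like the second flow in the sample.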
