IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IDS testing tools

From: "André Luiz Rodrigues Ferreira" <andrelrf () gmail com>
Date: Sun, 3 Sep 2006 15:21:35 -0300
2006/8/28, SanjayR <sanjayr () intoto com>:


At 07:23 PM 8/24/2006, Deepak Seth wrote:
>
>Hello Jarleay,
>
>There are lots of tools freely available in the internet that you can use
>for IDS testing:

>1. Nessus

Nessus is a bad choice to test IDS as it is a vulnerability scanner.
so in many cases, it simply look for the version and reports if the
version is vulnerable. Therefore, no corresponding log will be found
in your IDS => many False Negatives (actually leading to FPs!!!!,
i.e. wrong conclusion)

>2. Hping

can be a good tool, but again it is a tool for crafting packets. you
should know what to send.

>3. Nmap

known tool for reconnaissance.

>4. Snort

How?? it itself is an IDS, so please let me know how can I use it to
test an IDS?

>5. TCP Replay

Again, it is a pcap file re-transmission tool. you need to have
capture of attacks.

>6. Netcat

Again good for reconnaissance and sending data, if you know what to send.

In my opinion, apart from tools mentioned in other mails under the
same thread, Metasploit (free) and TrafficIQ (commercial) and Core
Impact (commercial) are good choices.


I also would add the Nemesis (http://nemesis.sourceforge.net) for
packet injections.


Regards
-Sanjay

Sanjay Rawat
Security Research Engineer
INTOTO Software (India) Private Limited
Uma Plaza, Nagarjuna Hills
PunjaGutta,Hyderabad 500082 | India
Office: + 91 40 23358927/28 Extn 424
Website : www.intoto.com

  Homepage: http://sanjay-rawat.tripod.com






>Search for these toold in google and you will get the corresponding website.
>
>-Deepak
>
>-----Original Message-----
>From: jarleay () gmail com [mailto:jarleay () gmail com]
>Sent: Monday, August 21, 2006 10:14 PM
>To: focus-ids () securityfocus com
>Subject: IDS testing tools
>
>I'm currently trying to find tools to test my IDS setup. I'm having problems
>finding active web pages where I can download tools like SNOT and STICK for
>download.
>
>
>1. Do you guys have any good sites that work properly for download?
>
>
>2. Do you recommend other good tools for testing? This is only a small LAN
>with one IDS
>
>
>3. Should I run the attacking machine on Winxp or some linux version? I'm
>most familiar with windows :(
>
>
>Cheers!
>
>------------------------------------------------------------------------
>Test Your IDS
>
>Is your IDS deployed correctly?
>Find out quickly and easily by testing it with real-world attacks from CORE
>IMPACT.
>Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
>to learn more.
>------------------------------------------------------------------------
>
>
>------------------------------------------------------------------------
>Test Your IDS
>
>Is your IDS deployed correctly?
>Find out quickly and easily by testing it
>with real-world attacks from CORE IMPACT.
>Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
>to learn more.
>------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------





--
Andre Luiz Rodrigues Ferreira (si0ux) <andrelrf () gmail com>
*******************************************************************
Orlandia - SP - Brazil

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. 
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: