IDS mailing list archives
Re: To test IPS/IDS box.
From: Joshua Gimer <jgimer () gmail com>
Date: Mon, 5 May 2008 13:28:39 -0600
There are several tools that you can use to aid in testing. I would use some automated scanning tools first such as Nessus; this will show you how much information can be gathered about a remote system.
Metasploit can also be of use in this situation. I would suggest looking into the ips_filter.rb plugin.
You can also check some conference archives and the SANS reading room for more ideas and techniques.
http://www.sans.org/reading_room/
http://www.blackhat.com/html/bh-media-archives/bh-multimedia-archives-index.html
I know that there was a presentation that was done in 2006 about IDS and IPS evasion. I am sure that there are tons of others.
Joshua Gimer

On May 5, 2008, at 11:10 AM, Jamie Riden wrote:

Try to break into the network (make sure you have explicit permission first!) and see if it stops you, or alerts. Have a play with nessus, nmap and metasploit for example. I wouldn't actually go as far as attempting to infect the network with a virus - if it did work then you would have serious problems. You could try it on a completely isolated test network.

cheers,
Jamie

On 05/05/2008, Paari <paarim () calsoftlabs com> wrote:

Hi guys,
Can you please give me some reference or links on how to test IPS/IDS hardware box.
Thanks,
Paari

--
Jamie Riden / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/

------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
------------------------------------------------------------------------