Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Pentesting an IDP-System

From: Darren Bounds <dbounds () intrusense com>
Date: Sat, 29 May 2004 18:44:05 -0400
I recently completed a 60 day evaluation of several public and beta NIPS releases from Radware, ISS, TippingPoint and TopLayer. The methodology I used was based on that of NSS earlier this year.
See the following link for more information: http://www.nss.co.uk/download_form.htm 


Thank you,

Darren Bounds, CISSP

443D 628D 0AC7 CACF 6085
C0E0 B2FC 534B 3D9E 69AF

--
Intrusense - Securing Business As Usual


On May 29, 2004, at 7:03 AM, ph03n1x wrote:


Hello
I'm kinda new to this list and this is my first post so be nice to me :) 

Well I got an Intrusion Detection and Prevention System from a quite
famous company which they lend me for betatesting. I already compiled a
few exploits to test and it detected them quite reliable. (Didnt detect
the exploit but detected the shellcode)

Do you guys have an idea how i could test it more efficiently, is there
some software that automatically tries to attack with a bunch of the
most common and new exploits so i dont have to do it manually?
Preferably some GPL or other "free" stuff since i dont have a budget for 
this.

What are the must criterias for an IDP would appreciate any links or
papers.


thx for tips

ph

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: