IDS mailing list archives

RE: Test tools for IDS


From: "Bohling James CONT JBC" <james.bohling () JBC JFCOM MIL>
Date: Tue, 30 Sep 2003 11:50:46 -0400

"Sneeze" is great for Snort IDS.  However I have only used it locally
for a static snort box.  I am in the process of trying to use sneeze
with the snort IDS rule sets to send false positives to different IDS's.
I don't think this will work but I am going to attempt it.  I don't know
how well the perl script fabricates the packets.  If it does accurately
then it may well work.  If not I will eventually examine the code and
see what can be tweaked w/o crashing the script.

"Snot" is supposed to be another good generator using the snort rule set
as input but I haven't used it.  I attempted to but the script wouldn't
run.  I installed the perl modules required but I think the
documentation is lacking one of the scripts.

I am using the sneeze on the snort Linux box.  I am sure it will run on
the snort windows box, but you have to install the perl interpreter on
the windows box and include the extension in your fields (forgot the
technical term) that will allow the box to accept perl.  Also the snort
rule sets may need to be ported over to .txt so that the but possibly
not.  I know this sounds like a lot but it really isn't from the Linux
side.  I had it up and running in 10 minutes (excluding the snort
install and configuration).


Thank You,
James T. Bohling, CCNA, Security+, MCP-Win2k
Network Security Engineer - JBC CoE
Joint C4ISR Battle Center (AMSEC)
116 Lake View Parkway
Suffolk, VA 23435
(W) 757-638.4032
Web: www.jbc.jfcom.mil
This email was produced and manufactured in America, and is a
one-of-a-kind original.




-----Original Message-----
From: Brian Laing [mailto:brian.laing () blade-software com] 
Sent: Monday, September 29, 2003 12:55 PM
To: 'Raj Ghosh'; focus-ids () securityfocus com
Subject: RE: Test tools for IDS


Raj,
        You can take a look at our product IDS Informer, which allows for
IDS testing including Inline IPS type testing.  Many of the IDS vendors
are finding it a useful application for testing their IDS and using it in
a sales/consulting environment.  You can get an eval at
www.bladesoftware.net.  Drop me a line if you have any questions.

Brian


-------------------------------------------------------------------
Brian Laing
CTO
Blade Software
Cellphone: +1 650.280.2389
Telephone: +1 650.367.9376
eFax: +1 650.249.3443
Blade Software - Because Real Attacks Hurt 
http://www.Blade-Software.com
-------------------------------------------------------------------
 

-----Original Message-----
From: Raj Ghosh [mailto:rajghosh () hotmail com] 
Sent: Friday, September 26, 2003 3:58 PM
To: focus-ids () securityfocus com
Subject: Test tools for IDS




Hi,

Are there any good test suites available to test the IDS products for
intrusion coverage?  A few I am looking at are:

1) Nessus scanner

2) IDS Informer



Are there any other freeware or licensed products that anyone has
experience with?



TIA,

Raj

---------------------------------------------------------------------------
Captus Networks IPS 4000
Intrusion Prevention and Traffic Shaping Technology to:
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Automatically Control P2P, IM and Spam Traffic
 - Precisely Define and Implement Network Security & Performance Policies
FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101
---------------------------------------------------------------------------

