IDS mailing list archives
RE: Test tools for IDS
From: "Bohling James CONT JBC" <james.bohling () JBC JFCOM MIL>
Date: Tue, 30 Sep 2003 11:50:46 -0400

"Sneeze" is great for Snort IDS. However I have only used it locally for a static snort box. I am in the process of trying to use sneeze with the snort IDS rule sets to send false positives to different IDS's. I don't think this will work but I am going to attempt it. I don't know how well the perl script fabricates the packets. If it does accurately then it may well work. If not I will eventually examine the code and see what can be tweaked w/o crashing the script.

"Snot" is supposed to be another good generator using the snort rule set as input but I haven't used it. I attempted to but the script wouldn't run. I installed the perl modules required but I think the documentation is lacking one of the scripts.

I am using the sneeze on the snort Linux box. I am sure it will run on the snort windows box, but you have to install the perl interpreter on the windows box and include the extension in your fields (forgot the technical term) that will allow the box to accept perl. Also the snort rule sets may need to be ported over to .txt so that the but possibly not.

I know this sounds like a lot but it really isn't from the Linux side. I had it up and running in 10 minutes (excluding the snort install and configuration).

Thank You,

James T. Bohling, CCNA, Security+, MCP-Win2k
Network Security Engineer - JBC CoE
Joint C4ISR Battle Center (AMSEC)
116 Lake View Parkway
Suffolk, VA 23435
(W) 757-638.4032
Web: www.jbc.jfcom.mil

This email was produced and manufactured in America, and is a one-of-a-kind original.

-----Original Message-----
From: Brian Laing [mailto:brian.laing () blade-software com]
Sent: Monday, September 29, 2003 12:55 PM
To: 'Raj Ghosh'; focus-ids () securityfocus com
Subject: RE: Test tools for IDS

Raj,

You can take a look at our product IDS informer which allows for IDS testing including Inline IPS type testing. Many of the IDS vendors are finding it a useful application for testing their IDS and using it in a sales/consulting environment.

You can get an eval at www.bladesoftware.net. Drop me a line if you have any questions.

Brian

-------------------------------------------------------------------
Brian Laing
CTO
Blade Software
Cellphone: +1 650.280.2389
Telephone: +1 650.367.9376
eFax: +1 650.249.3443
Blade Software - Because Real Attacks Hurt
http://www.Blade-Software.com
-------------------------------------------------------------------

-----Original Message-----
From: Raj Ghosh [mailto:rajghosh () hotmail com]
Sent: Friday, September 26, 2003 3:58 PM
To: focus-ids () securityfocus com
Subject: Test tools for IDS

Hi,

Are there any good test suites available to test the IDS products for intrusion coverage? A few I am looking at are:

1) Nessus scanner
2) IDS Informer

Are there any other freeware or licensed products that anyone has experience with?

TIA,
Raj