IDS mailing list archives
Re: RE: IDS testing tools
From: "Kowsik Guruswamy" <kowsik () gmail com>
Date: Wed, 30 Aug 2006 22:03:43 -0700
Try the Mu-4000 (www.musecurity.com). You can use it to automate all of the tools listed below in the Mu-4000 platform in addition to what we call published vulnerability analysis - running known vulnerabilities (it's a subscribed feed) to audit networks/utm's/firewalls/idp's/ids's/etc. Disclaimer: I co-founded Mu and was the chief architect for the IDP product line from Juniper/Netscreen/Onesecure. K. On 8/27/06, SanjayR <sanjayr () intoto com> wrote:
At 07:23 PM 8/24/2006, Deepak Seth wrote: > >Hello Jarleay, > >There are lots of tools freely available in the internet that you can use >for IDS testing: >1. Nessus Nessus is a bad choice to test IDS as it is a vulnerability scanner. so in many cases, it simply look for the version and reports if the version is vulnerable. Therefore, no corresponding log will be found in your IDS => many False Negatives (actually leading to FPs!!!!, i.e. wrong conclusion) >2. Hping can be a good tool, but again it is a tool for crafting packets. you should know what to send. >3. Nmap known tool for reconnaissance. >4. Snort How?? it itself is an IDS, so please let me know how can I use it to test an IDS? >5. TCP Replay Again, it is a pcap file re-transmission tool. you need to have capture of attacks. >6. Netcat Again good for reconnaissance and sending data, if you know what to send. In my opinion, apart from tools mentioned in other mails under the same thread, Metasploit (free) and TrafficIQ (commercial) and Core Impact (commercial) are good choices. Regards -Sanjay Sanjay Rawat Security Research Engineer INTOTO Software (India) Private Limited Uma Plaza, Nagarjuna Hills PunjaGutta,Hyderabad 500082 | India Office: + 91 40 23358927/28 Extn 424 Website : www.intoto.com Homepage: http://sanjay-rawat.tripod.com >Search for these toold in google and you will get the corresponding website. > >-Deepak > >-----Original Message----- >From: jarleay () gmail com [mailto:jarleay () gmail com] >Sent: Monday, August 21, 2006 10:14 PM >To: focus-ids () securityfocus com >Subject: IDS testing tools > >I'm currently trying to find tools to test my IDS setup. I'm having problems >finding active web pages where I can download tools like SNOT and STICK for >download. > > >1. Do you guys have any good sites that work properly for download? > > >2. Do you recommend other good tools for testing? This is only a small LAN >with one IDS > > >3. Should I run the attacking machine on Winxp or some linux version? I'm >most familiar with windows :( > > >Cheers! > >------------------------------------------------------------------------ >Test Your IDS > >Is your IDS deployed correctly? >Find out quickly and easily by testing it with real-world attacks from CORE >IMPACT. >Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 >to learn more. >------------------------------------------------------------------------ > > >------------------------------------------------------------------------ >Test Your IDS > >Is your IDS deployed correctly? >Find out quickly and easily by testing it >with real-world attacks from CORE IMPACT. >Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 >to learn more. >------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------
Current thread:
- Re: RE: IDS testing tools Kowsik Guruswamy (Sep 02)
- <Possible follow-ups>
- Re: IDS testing tools André Luiz Rodrigues Ferreira (Sep 05)
- Re: IDS testing tools Akira Matsuno (Sep 14)
- Re: IDS testing tools Matt Bing (Sep 14)
- Re: IDS testing tools Aaron Turner (Sep 14)
- RE: IDS testing tools Tony Haywood (Sep 18)