IDS mailing list archives

RE: IDS Testing Method


From: "M Shirk" <shirkdog_linux () hotmail com>
Date: Wed, 21 Jul 2004 07:17:49 -0400

If it is Snort, you can use sneeze.pl to generate alerts. Also, the common way to test the IDS is to use a vulnerability scanner like Nessus and scan a box, then run TCPDUMP and compare the packet count to make sure you are not dropping packets.

If you are speaking of signatures, I usually just create or compile the exploits to make sure I am alerting on the traffic.

Shirkdog
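
The packet-count comparison suggested in the reply above, as an added example that is not part of the original post: it counts the records in a classic pcap file written by `tcpdump -w` during the scan and compares that with the packet count the IDS reports. The function names, the constructed sample capture and the figure of 990 are assumptions for illustration; the IDS count is assumed to be read from the sensor's own statistics.

```python
import struct

# Classic libpcap magics as seen when the first 4 bytes are read little-endian.
# Value -> byte order of the file (microsecond and nanosecond variants).
_MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">", 0xA1B23C4D: "<", 0x4D3CB2A1: ">"}

def count_pcap_packets(data: bytes) -> int:
    """Count complete packet records in a classic pcap capture (not pcapng)."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    endian = _MAGICS.get(struct.unpack("<I", data[:4])[0])
    if endian is None:
        raise ValueError("not a classic pcap file")
    offset, count = 24, 0
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_frac, captured length, original length.
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16 + incl_len
        if offset > len(data):
            break  # truncated final record, e.g. capture killed mid-write
        count += 1
    return count

def drop_report(tcpdump_count: int, ids_count: int) -> dict:
    """Compare the reference capture count with the count the IDS reports."""
    missing = max(tcpdump_count - ids_count, 0)
    pct = round(100.0 * missing / tcpdump_count, 2) if tcpdump_count else 0.0
    return {"missing": missing, "percent": pct, "dropping": missing > 0}

def sample_pcap(n: int, endian: str = "<") -> bytes:
    """Constructed test input: n identical 60-byte frames, Ethernet link type."""
    header = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frame = b"\x00" * 60
    record = struct.pack(endian + "IIII", 0, 0, len(frame), len(frame)) + frame
    return header + record * n

if __name__ == "__main__":
    seen = count_pcap_packets(sample_pcap(1000))
    # 990 is a constructed figure standing in for the sensor's own packet count.
    print(seen, drop_report(seen, 990))
```

The comparison only means something when tcpdump and the IDS listen on the same interface with the same filter, and when tcpdump's own exit summary shows no packets dropped by the kernel.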


-----Original Message-----
From: tonavtejkohli () hotmail com [mailto:tonavtejkohli () hotmail com]
Sent: Tuesday, July 20, 2004 6:48 AM
To: focus-ids () securityfocus com
Subject: IDS Testing Method
Importance: Low


Hi Lists,

I'm trying to find out ways of testing different IDS systems. Is there any
way, recommended/best practice methodology for testing Network based IDS
(NIDS)?
It would be very nice of you if anyone can give me some technical hints.
Any information - papers, tools, links and own experience are much
appreciated.

Hoping for a reply soon from your side.

Regards,

NAVTEJ KOHLI




