Re: IDS Testing Method

[Ravi Kumar <ravivsn () rocsys com>]

Hi,
Testing IDS/IPS signatures is little bit complex for sure but we at 
ROCSYS are succesfull in testing almost all the exisitng snort 
signatures. ROCSYS also tests with latest vulnerabilites/exploits taken 
from http://www.securiteam.com
we have customised tools to test IPS signatures automatically, For more 
information please drop us an email to me or support () rocsys com

Best Regards,
-Ravi
ROCSYS Technologies Ltd.,
Hyderabad
http://www.rocsys.com


Majed Mohammed Ayoub Al-Shodari wrote:

> Dear NAVTEJ,
>
> As you know there are thousands of the signatures of the NIDS. And it
> divided to categories. And you should know you cannot test them all,
> therefore, try to have many signatures from each category and do your test
> depends on the signature behaviour.
>
> If you select the required signatures for your test, please let me know
> which signatures to provide you by the methodology to test them all.
>
> If you need any further info, please don't hesitate to call me or drop me an
> email.
>
>            Thank you and best regards
> --------------------------------------
> Majed Mohammed Ayoub
> Tel.    :(966-2) 606-6556 Ext. ( 361 )
> Fax    :(966-2) 606-1342 Ext. ( 1361 )
> Mobile:(966-50) 33-67-69-1
> Information Systems Security Administrator
> Technical Services Section
> Information Technology Department
> P. O. Box 4384 Jeddah 21491
> Kingdom of Saudi Arabia
>
>
> -----Original Message-----
> From: M Shirk
> To: focus-ids () securityfocus com
> Sent: 7/21/2004 2:17 PM
> Subject: RE: IDS Testing Method
>
> If it is snort, you can use sneeze.pl to generate alerts. Also the
> common 
> way to test the IDS is to use a vulnerability scanner like Nessus and
> scan a 
> box, then run TCPDUMP and compare the packet count to make sure you are
> not 
> dropping packets.
>
> If you are speaking of signatures, I usually just create or compile the 
> exploits to make sure I am alerting on the traffic.
>
> Shirkdog
>
>
> -----Original Message-----
> From: tonavtejkohli () hotmail com [mailto:tonavtejkohli () hotmail com]
> Sent: Tuesday, July 20, 2004 6:48 AM
> To: focus-ids () securityfocus com
> Subject: IDS Testing Method
> Importance: Low
>
>
> Hi Lists,
>
> I'm trying to find out ways of testing different IDS systems. Is there
> any
> way, recommended'/best practice methodology for testing Network based
> IDS
> (NIDS)
> ?
> It would be very nice of you if anyone  can give me some technical
> hints.
> Any information - papers, tools, links and own experience are much
> appreciated.
>
> Hoping for a reply soon from your side.
>
> Regards,
>
> NAVTEJ KOHLI
>
> _________________________________________________________________
> Discover the best of the best at MSN Luxury Living.
> http://lexus.msn.com/
>
>
> ------------------------------------------------------------------------
> --
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from
> CORE
> IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> ------------------------------------------------------------------------
> --
>
> --------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from CORE
> IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
> --------------------------------------------------------------------------
>
>  




--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------