IDS mailing list archives
Re: IDS Testing tool
From: ADT <synfinatic () gmail com>
Date: Sat, 12 Jun 2004 10:58:01 -0700
On Fri, 11 Jun 2004 01:13:29 -0400 (EDT), Anton A. Chuvakin <anton () chuvakin org> wrote:
Is anyone aware of any open source equivalent of Blade's IDS Informer tool to test IDSes? I am aware that TCPReplay can be used to test IDSes but then we will need to make actual attacks at least once to capture the traffic. Any help would be appreciated.What's wrong with just blasting it with a vuln scanner? Nessus will generate a lot of noise in most NIDSs and can even be tweaked for more "noisyness"
Well think about it... a good IDS which limits the number of false positives should detect the actual exploit. A vulnerability scanner is supposed to check for the vulnerability, *not* to run the actual exploit, b/c then it may crash/root/etc your own box. Hence, an exploit should look different then a vulnerability check. Therefore, using Nessus or other vulnerability scanners are a crappy way of testing an IDS. (Of course if you've got a crappy IDS, then perhaps a crappy test methodology is ok.) With that in mind, you can either use Blade's IDS Informer or roll your own solution using tcpreplay. -Aaron --------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- IDS Testing tool Arun Vishwanathan (Jun 07)
- Re: IDS Testing tool Anton A. Chuvakin (Jun 12)
- Re: IDS Testing tool ADT (Jun 13)
- Re: IDS Testing tool Ron Gula (Jun 15)
- Re: IDS Testing tool ADT (Jun 13)
- <Possible follow-ups>
- Re: IDS Testing tool Tobias Klein (Jun 15)
- Re: IDS Testing tool ADT (Jun 15)
- Re: IDS Testing tool dhm (Jun 16)
- Re: IDS Testing tool typhon --- (Jun 16)
- RE: IDS Testing tool BLADE Software - Chris Ralph (Jun 17)
- RE: IDS Testing tool Tom Arseneault (Jun 21)
- Re: IDS Testing tool ADT (Jun 16)
- RE: IDS Testing tool Ron Gula (Jun 21)
- Re: IDS Testing tool Anton A. Chuvakin (Jun 12)