IDS mailing list archives
RE: IDS/IPS testing methodology
From: "Leandro Reox" <lmet5on () fibertel com ar>
Date: Tue, 12 Oct 2004 13:49:32 -0300
To get a better vision of how you can do this setup, it would be great if you could describe your network topology. Or, if you're building a test environment, putting the IPS behind a firewall, and before it, is the best way to see the variations of an already filtered attack (firewall level 1 wall) and the unfiltered signatures of attacks (a ton of logging).

We've got a Proventia M50 series behind a sort of PIX firewalls in the DMZ, and the logging is very poor; in the final report the numbers don't reflect anything. So, we put a G200 before the firewalls, to get a real vision of the unfiltered attacks' impact, and show big numbers (more real) to the client ;).

Cheers
Leandro Reox
Security Operation Center
Impsat Argentina.

-----Original Message-----
From: hakked () yahoo com [mailto:hakked () yahoo com]
Sent: Sábado, 09 de Octubre de 2004 06:41 p.m.
To: focus-ids () securityfocus com
Subject: IDS/IPS testing methodology

New to the IPS arena and am looking for a documented standard or method for testing IPS technologies in parallel. Have a suite of test tools (nessus, IDS Reformer, metasploit, etc.), and we are able to test the NIDS tools fairly well off a hub; however, I'm now concentrating on how to set up the network to be able to test the IPSs in parallel at the same time. This will be an ongoing research project.

-j
Current thread:
- IDS/IPS testing methodology hakked (Oct 11)
- Re: IDS/IPS testing methodology Gianpiero Porchia (Oct 13)
- RE: IDS/IPS testing methodology Leandro Reox (Oct 15)