IDS mailing list archives

RE: IDS/IPS testing methodology


From: "Leandro Reox" <lmet5on () fibertel com ar>
Date: Tue, 12 Oct 2004 13:49:32 -0300

To get a better vision of how you can do this setup, it would be great if
you can describe your network topology, or, if you're building a test
environment, putting the IPS behind a firewall, and before it, it’s the
best way to see the variations of an already filtered attack (firewall
level 1 wall) and the unfiltered signatures of attacks (a ton of
logging).
We got a Proventia M50 series, behind a sort of PIX firewalls in the
DMZ, and the logging is very poor; in the final report the numbers don’t
reflect anything.
So, we put a G200 before the firewalls, to get a real vision of the
unfiltered attacks' impact, and show big numbers (more real) to the
client ;).

Cheers

Leandro Reox
Security Operation Center
Impsat Argentina.


-----Original Message-----
From: hakked () yahoo com [mailto:hakked () yahoo com] 
Sent: Saturday, October 09, 2004 06:41 p.m.
To: focus-ids () securityfocus com
Subject: IDS/IPS testing methodology



New to IPS arena and am looking for a documented standard or method for
testing IPS technologies in parallel. Have a suite of test tools
(nessus, IDS Reformer, metasploit, etc.), and we are able to test the
NIDS tools fairly well off a hub; however, I'm now concentrating on how
to set up the network to be able to test the IPSs in parallel at the
same time. This will be an ongoing research project.

-j
