IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Simulating Retransmissions

From: Christian Kreibich <christian () whoop org>
Date: Mon, 17 Apr 2006 23:25:14 +0100
Hi Mike,

I'd suggest recording a raw form of suitable traffic via tcpdump, then
editing it according to your needs, and then replaying it onto your
network using tcprelay or similars. Netdude (netdude.sf.net) is ideal
for creating small, specific patterns for tickling your IDS. It was the
main purpose we developed it for when working on traffic normalization
years ago. You're very welcome to pop by our mailing list in case you
have any questions.

Good luck,
Christian.

On Sun, 2006-04-16 at 13:49 -0400, Mike Gibson wrote:

Or does anyone know of a proxy application like Achilles or Burp that
works at the TCP level so that I could just drop the ACK packets while
they were on their way out of the client machine?

On 4/13/06, Mike Gibson <micheal.gibson () gmail com> wrote:

Hi everyone,

I need to have a server application retransmit some TCP packets to my
client to test my IDS.


-- 
________________________________________________________________________
                                          http://www.cl.cam.ac.uk/~cpk25
                                                    http://www.whoop.org


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: