IDS mailing list archives
RE: Worm attack generation tools
From: "Robert D. Holtz" <robert.d.holtz () gmail com>
Date: Fri, 18 Aug 2006 19:50:15 -0500
Use the worms themselves if you're testing IDS/IPS systems. Just isolate them and setup a test system that you infect with the worms. Use this system to pound away at the IDS. If you need more systems you can always throw VMWare onto your test system and create them virtually. Nothing better to test with than the real thing! -----Original Message----- From: Joey Peloquin [mailto:joeyp () cotse net] Sent: Friday, August 18, 2006 7:50 AM To: miaomitiff119 Cc: focus-ids () securityfocus com Subject: Re: Worm attack generation tools miaomitiff119 wrote:
Hi,:) Does anyone know any tools which can be used to simulate attack traffic (especially traffic pattern of worm attacks)? It is for the purpose of testing IDSs. I've looked at PACKIT and Netcat, but they can't generate "simultaneous" connections which is required for generating worm spreading behaviour...(or are there any ways to use PACKIT or Netcat to generate simultaneous connections?) Many thanks!:)
Assuming you're wanting to test detections versus connections per second, you might try Tomahawk. We used it for testing NIPS, but I don't see why you couldn't use it for IDS as well. http://tomahawk.sourceforge.net/ It's been discussed on this list before, ad nauseam, but keep in mind, ICSALabs rewrote most of the code for their certification program (v1.1), so it shouldn't be considered a TippingPoint-leaning tool, as it has in the past. -jp ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Worm attack generation tools miaomitiff119 (Aug 17)
- Re: Worm attack generation tools Stefano Zanero (Aug 18)
- Re: Worm attack generation tools Joey Peloquin (Aug 18)
- RE: Worm attack generation tools Robert D. Holtz (Aug 21)
- Re: Worm attack generation tools Joey Peloquin (Aug 21)
- RE: Worm attack generation tools Robert D. Holtz (Aug 21)
- Re: Worm attack generation tools Joey Peloquin (Aug 21)
- RE: Worm attack generation tools Robert D. Holtz (Aug 21)
- RE: Worm attack generation tools Tony Haywood (Aug 24)
- RE: Worm attack generation tools Robert D. Holtz (Aug 21)
- <Possible follow-ups>
- Re: Worm attack generation tools whonosewho (Aug 21)