IDS mailing list archives
RE: Worm attack generation tools
From: "Robert D. Holtz" <robert.d.holtz () gmail com>
Date: Fri, 18 Aug 2006 21:51:20 -0500
You would be surprised at what one infected machine can crank out. I've seen two mediocre machines cripple a four T1 MLPPP bundle. I've done time at a CLEC and one of our most common problems was folks insisting there internet connection was down when it was actually an infected machine on their internal LAN going nuts. I could watch the traffic once it entered into the core and was able to see that it was trash. What type of bandwidth are you trying to throw at these things? I would assume that the IDS system is "mainly" watching ingress traffic from the internet which for the most part won't be too high due to the cost of this type of access. This assumption goes out the window if you have IDS systems separating departments, business units, etc. Then you're talking LAN speeds. -----Original Message----- From: Joey Peloquin [mailto:joeyp () cotse net] Sent: Friday, August 18, 2006 9:20 PM To: Robert D. Holtz Cc: 'miaomitiff119'; focus-ids () securityfocus com Subject: Re: Worm attack generation tools Robert D. Holtz wrote:
Use the worms themselves if you're testing IDS/IPS systems. Just isolate them and setup a test system that you infect with the worms. Use this system to pound away at the IDS. If you need more systems you can always throw VMWare onto your test system and create them virtually. Nothing better to test with than the real thing!
Excellent idea, Robert! The only problem is scalability, which you already hinted at. It'd take a lot of VMs to generate the kind of traffic I'm looking for ;) -jp ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Worm attack generation tools miaomitiff119 (Aug 17)
- Re: Worm attack generation tools Stefano Zanero (Aug 18)
- Re: Worm attack generation tools Joey Peloquin (Aug 18)
- RE: Worm attack generation tools Robert D. Holtz (Aug 21)
- Re: Worm attack generation tools Joey Peloquin (Aug 21)
- RE: Worm attack generation tools Robert D. Holtz (Aug 21)
- Re: Worm attack generation tools Joey Peloquin (Aug 21)
- RE: Worm attack generation tools Robert D. Holtz (Aug 21)
- RE: Worm attack generation tools Tony Haywood (Aug 24)
- RE: Worm attack generation tools Robert D. Holtz (Aug 21)
- <Possible follow-ups>
- Re: Worm attack generation tools whonosewho (Aug 21)