IDS mailing list archives

Re: IDS testing tools


From: "Aaron Turner" <synfinatic () gmail com>
Date: Thu, 14 Sep 2006 12:36:18 -0700

On 9/14/06, Akira Matsuno <catchb0dhi () gmail com> wrote:

> Is nidsbench still a good tool to use, or is it significantly out of date now?

Well, nidsbench is usually considered a suite of tools:

- Fragroute/Fragrouter - Quite amazing how many IDS/IPSes still have
problems with this, especially at higher rates or under load.  Neither
in active development AFAIK.

- Tcpreplay - Still in active development
(http://tcpreplay.synfin.net/) and very useful if you have relevant
pcaps to play with.  If you don't already have good pcaps, you'll
probably have a hard time finding quality ones which have already been
vetted.  Maybe one day http://openpacket.blogspot.com/ or some other
service will actually launch.

--
Aaron Turner
http://synfin.net/
