Full Disclosure mailing list archives

[RE: Test scripts for NIDS]


From: indianz () indianz ch
Date: Fri, 3 Sep 2004 08:16:09 +0200 (CEST)

To test with Stick and Snot you just throw alerts at the IDS; after that,
you should check the logs of the IDS to see what has been recorded and
what was dropped.
You can also throw (with Stick and Snot) and try to exploit the IDS from
another machine at the same time.

Have also a look at
http://packetstormsecurity.nl/distributed/stick.htm

Stick Download:
http://www.eurocompton.net/stick/projects8.html

Snot Download:
http://www.stolenshoes.net/sniph/index.html

IDSwakeup Download:
http://www.hsc.fr/ressources/outils/idswakeup/index.html.en

GreetZ from IndianZ

mailto:indianz () indianz ch
http://www.indianz.ch


I've gotten a lot of suggestions to test the signatures; I've got some to
test the load, but they were $$$. Anything out there for free?

With software and not an appliance, how does one test the load to know
when the IDS can no longer verify packets and they are being dropped? Is
this included in the software?

Thanks again everyone :)


-----Original Message-----
From: Bénoni MARTIN
[mailto:Benoni.MARTIN () libertis ga]
Sent: August 31, 2004 09:05
To: John Madden; pen-test () securityfocus com
Subject: RE: Test scripts for NIDS

<SNIP>

I know there is a tool that generates Snort's alerts, but I just cannot
remember its name :(

The tool you're talking about is called "SNOT". You can find it here:
http://www.stolenshoes.net/sniph/index.html

From the file 'snot-0.92a-README.txt' posted at that URL:

"Snot is an arbitrary packet generator, that uses snort rules files as its
source of packet information. It attempts at all times to randomise
information that is not contained in the rule, to hamper the generation of
'snot detection' snort rules.

It can be used as an IDS evasion tool, by using specific decoy hosts, or
just something to keep your friendly IDS monitoring staff busy.

It has been tested to run on *BSD, Linux, Win2k, NT4.0 and Win98."

I hope this helps,
Alex%
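The two things this thread describes, generating packets straight from Snort rules with the unconstrained fields randomised (the Snot README above) and then throwing them at the sensor and checking its log for what was recorded and what was not (indianz's procedure at the top), fit in one small script. The following is an added example written for this archive page; it is not code from Stick, Snot, IDSwakeup or anyone in the thread. It assumes Snort's classic one-line rule syntax and the alert_fast log line layout (`[**] [gid:sid:rev] msg [**] ...`); the three rules, the 203.0.113.0/24 and 192.0.2.10 addresses and the alert lines are constructed for the demo, and the sids are local placeholders, not real VRT signatures.

```python
"""Snot-style IDS exerciser: craft packets from Snort rules, then grade the alert log.
Added example for this thread, not code from Stick, Snot or IDSwakeup; assumes Snort's
classic rule syntax and alert_fast log layout. Rules, addresses, log lines are constructed."""
import random
import re
import socket
import struct
from collections import Counter

SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC /etc/passwd"; content:"/etc/passwd"; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP SITE EXEC"; content:"SITE EXEC"; nocase; sid:1000002; rev:2;)
alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS zone transfer"; content:"|00 00 FC 00 01|"; sid:1000003; rev:1;)
'''  # constructed rules; the sids are local-range placeholders, not real VRT sids
RULE_RE = re.compile(r'^alert\s+(tcp|udp)\s+\S+\s+(\S+)\s+->\s+\S+\s+(\S+)\s+\((.*)\)$')
OPT_RE = re.compile(r'(\w+)(?:\s*:\s*("[^"]*"|[^;]*))?;')

def decode_content(s):
    """Snort content string: plain text with |hex byte| segments."""
    out = bytearray()
    for i, seg in enumerate(s.split('|')):
        out += bytes.fromhex(seg) if i % 2 else seg.encode('latin-1')
    return bytes(out)

def parse_rules(text):
    """{sid: rule} with proto, ports, decoded content, nocase flag and msg."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        proto, sport, dport, body = m.groups()
        opts = {k: v.strip('"') for k, v in OPT_RE.findall(body)}
        rules[int(opts['sid'])] = dict(proto=proto, sport=sport, dport=dport, msg=opts['msg'],
                                       content=decode_content(opts['content']), nocase='nocase' in opts)
    return rules

def checksum(data):
    """RFC 1071 ones' complement sum used by the IPv4, TCP and UDP headers."""
    if len(data) % 2:
        data += b'\x00'
    s = sum(struct.unpack('!%dH' % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def craft_packet(rule, src_ip, dst_ip, rng=random):
    """Raw IPv4 packet matching `rule`; everything the rule leaves open (ports, seq, id,
    ttl, letter case under nocase) is randomized, Snot's trick against 'snot detection'."""
    payload = rule['content']
    if rule['nocase']:
        payload = bytes(c ^ (0x20 * rng.randint(0, 1)) if 65 <= (c & ~0x20) <= 90 else c
                        for c in payload)
    sport = rng.randint(1024, 65535) if rule['sport'] == 'any' else int(rule['sport'])
    tcp = rule['proto'] == 'tcp'
    proto = socket.IPPROTO_TCP if tcp else socket.IPPROTO_UDP
    if tcp:  # PSH|ACK with random seq/ack/window so it looks like mid-session data
        l4 = struct.pack('!HHIIBBHHH', sport, int(rule['dport']), rng.getrandbits(32),
                         rng.getrandbits(32), 5 << 4, 0x18, rng.randint(1024, 65535), 0, 0)
    else:
        l4 = struct.pack('!HHHH', sport, int(rule['dport']), 8 + len(payload), 0)
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    # Snort skips detection on packets with bad L4 checksums by default, so get them right.
    pseudo = struct.pack('!4s4sBBH', src, dst, 0, proto, len(l4) + len(payload))
    csum = checksum(pseudo + l4 + payload) or (0 if tcp else 0xFFFF)
    off = 16 if tcp else 6
    l4 = l4[:off] + struct.pack('!H', csum) + l4[off + 2:]
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(l4) + len(payload),
                     rng.getrandbits(16), 0x4000, rng.randint(32, 255), proto, 0, src, dst)
    return ip[:10] + struct.pack('!H', checksum(ip)) + ip[12:] + l4 + payload

def checksums_ok(pkt):
    ihl = (pkt[0] & 0x0F) * 4  # both header checksums must verify to zero
    pseudo = struct.pack('!4s4sBBH', pkt[12:16], pkt[16:20], 0, pkt[9], len(pkt) - ihl)
    return checksum(pkt[:ihl]) == 0 and checksum(pseudo + pkt[ihl:]) == 0

def make_burst(rules, count, dst_ip, rng=random):
    pkts, sent = [], Counter()  # `count` packets per rule from random 203.0.113.0/24 sources
    for sid, rule in rules.items():
        for _ in range(count):
            pkts.append((sid, craft_packet(rule, '203.0.113.%d' % rng.randint(1, 254), dst_ip, rng)))
            sent[sid] += 1
    return pkts, sent

# Constructed alert_fast lines: sid 1000001 logged twice, 1000002 once, 1000003 never.
SAMPLE_ALERT_LOG = '''\
09/03-08:16:09.123456  [**] [1:1000001:1] WEB-MISC /etc/passwd [**] [Priority: 3] {TCP} 203.0.113.7:40123 -> 192.0.2.10:80
09/03-08:16:09.123900  [**] [1:1000002:2] FTP SITE EXEC [**] [Priority: 3] {TCP} 203.0.113.9:51000 -> 192.0.2.10:21
09/03-08:16:09.124300  [**] [1:1000001:1] WEB-MISC /etc/passwd [**] [Priority: 3] {TCP} 203.0.113.12:40999 -> 192.0.2.10:80
'''
ALERT_RE = re.compile(r'\[\*\*\] \[(\d+):(\d+):(\d+)\]')  # [gid:sid:rev]

def grade(sent, log_text):
    """Per sid: (packets sent, alerts logged, shortfall)."""
    seen = Counter(int(m.group(2)) for m in ALERT_RE.finditer(log_text))
    return {sid: (n, seen[sid], n - seen[sid]) for sid, n in sent.items()}

if __name__ == '__main__':
    rules = parse_rules(SAMPLE_RULES)
    pkts, sent = make_burst(rules, 2, '192.0.2.10')
    for sid, (n, seen, short) in grade(sent, SAMPLE_ALERT_LOG).items():
        print('sid %d %-20s sent=%d logged=%d missing=%d' % (sid, rules[sid]['msg'], n, seen, short))
```

Run as-is it only builds the packets and grades the constructed log; to fire them at a sensor, send each packet from a raw socket (`socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)` and `sendto(pkt, (dst, 0))`, root required) and then hand the sensor's alert file to `grade()`. Two caveats a practitioner should keep in mind. A missing alert is not automatically a dropped packet: any rule carrying `flow:established` never fires on a lone packet that completed no handshake, which is why Stick/Snot-style sprays only exercise stateless signatures. And the per-sid shortfall says nothing about where packets were lost; for the load question asked above, compare it with the packet counters Snort itself prints at shutdown (received, analyzed, dropped) to separate capture drops from rules that simply did not match.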

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

