Full Disclosure mailing list archives
[RE: Test scripts for NIDS]
From: indianz () indianz ch
Date: Fri, 3 Sep 2004 08:16:09 +0200 (CEST)
To test with stick and snot, you just throw alerts at the IDS; after that, you should check the logs of the IDS to see what has been recorded and what was dropped. You can also throw alerts (with stick and snot) and try to exploit the IDS from another machine at the same time.

Also have a look at http://packetstormsecurity.nl/distributed/stick.htm

Stick Download: http://www.eurocompton.net/stick/projects8.html
Snot Download: http://www.stolenshoes.net/sniph/index.html
IDSwakeup Download: http://www.hsc.fr/ressources/outils/idswakeup/index.html.en

GreetZ from IndianZ
mailto:indianz () indianz ch
http://www.indianz.ch
I've gotten a lot of suggestions to test the signatures, I've got some to test the load but they were $$$, anything out there for free? With a software and not an appliance how does one test the load to know when the IDS can no longer verify packets and they are being dropped? Is this included in the software? Thanks again everyone :)

-----Original Message-----
From: Bénoni MARTIN [mailto:Benoni.MARTIN () libertis ga]
Sent: August 31, 2004 09:05
To: John Madden; pen-test () securityfocus com
Subject: RE: Test scripts for NIDS

<SNIP>

I know there is a tool that generates Snort's alerts, but I just cannot remember its name :(

The tool you're talking about is called "SNOT". You can find it here: http://www.stolenshoes.net/sniph/index.html

From the file 'snot-0.92a-README.txt' posted at that URL:

"Snot is an arbitrary packet generator, that uses snort rules files as its source of packet information. It attempts at all times to randomise information that is not contained in the rule, to hamper the generation of 'snot detection' snort rules. It can be used as an IDS evasion tool, by using specific decoy hosts, or just something to keep your friendly IDS monitoring staff busy. It has been tested to run on *BSD, Linux, Win2k, NT4.0 and Win98."

I hope this helps,
Alex
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html