Penetration Testing mailing list archives

Re: IDS Testing


From: Peter Van Epp <vanepp () sfu ca>
Date: Wed, 10 Mar 2004 11:25:01 -0800

        Haven't used IDS Informer, but tcpreplay (available from 
sourceforge.net) is designed (originally by Anzen) specifically for IDS 
testing. Takes a tcpdump file (and the black hat briefings site is a good 
source of such files :-) http://www.shmoo.com/cctf/ ) and replays it either as 
fast as the hardware will go or at the original timing or slower.
        Sounds like you may also be interested in argus which is an open source
IP auditing tool (it is useful to see what has been coming in that you don't
think should be after your firewall/IDS).  http://www.qosient.com/argus 
There is an article on how I use argus available at:

http://www.usenix.org/publications/login/2001-11/pdfs/epp.pdf

which may be of interest as well.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

On Wed, Mar 10, 2004 at 03:59:14PM +0000, Security Tester wrote:
Has anyone ever used a product called IDS Informer made by Blade Software?  
I am currently looking at different methods/products that can test the 
functionality and response of production IDS sensors.

I have used stick and snot in the past, but these get old, and quite 
frankly they really don't test the detection capability of the sensor.  
They are however great tools for spamming the sensors and slipping in below 
the radar.

Do any of you have any suggestions as to what might be a good 
technique/tool to test the responses of the IDS systems, apart from 
performing the attacks yourself?  I am really looking for some sort of way 
to replay the attack data on the wire, but not actually target any machines.

Any help would be greatly appreciated.  Thanks in advance.
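
The three replay timings described in the reply above (as fast as possible, original timing, or slower), as an added example that is not part of the original posts and is not tcpreplay's own code: it reads packet timestamps from a classic pcap file and computes when each packet would go out in each mode. The function names and the sample capture are constructed for illustration.

```python
import struct

def build_sample_pcap(stamps, frame=b"\x00" * 60):
    """Constructed sample: one dummy 60-byte frame per (sec, usec) timestamp."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec in stamps:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

def read_timestamps(data):
    """Return each packet's capture time in integer microseconds."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"          # written on a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"          # written on a big-endian host
    else:
        raise ValueError("not a microsecond-resolution pcap file")
    offset, stamps = 24, []   # packet records start after the 24-byte global header
    while offset + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("truncated packet record")
        stamps.append(sec * 1_000_000 + usec)
        offset += incl_len
    return stamps

def replay_offsets(stamps, mode="original", factor=1.0):
    """Send offsets in microseconds from the start of the replay.

    mode 'topspeed' drops all gaps, 'original' keeps the captured gaps,
    'scaled' divides them by factor (factor < 1 replays slower).
    """
    if mode == "topspeed":
        return [0] * len(stamps)
    if mode == "original":
        factor = 1.0
    elif mode != "scaled" or factor <= 0:
        raise ValueError("mode must be topspeed, original or scaled with factor > 0")
    base = stamps[0] if stamps else 0
    return [round((t - base) / factor) for t in stamps]

# Constructed capture: three frames at t, t + 0.25 s and t + 2 s
SAMPLE_PCAP = build_sample_pcap([(1078946701, 0), (1078946701, 250000), (1078946703, 0)])

if __name__ == "__main__":
    ts = read_timestamps(SAMPLE_PCAP)
    for mode, factor in (("topspeed", 1.0), ("original", 1.0), ("scaled", 0.5)):
        print(mode, replay_offsets(ts, mode, factor))
```

Comparing the sensor's alerts across the three schedules shows whether detection depends on packet pacing rather than on packet content.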
