Penetration Testing mailing list archives

RE: Test scripts for NIDS

From: "por. Ing. Martin Hlavacek" <martin.hlavacek () vabo cz>
Date: Sun, 29 Aug 2004 04:24:18 +0200

Hi,
the answer depends on the scale and thoroughness of the test you demand.
First step of course is nmaping (www.insecure.org/nmap) with some
aggressive switches turned on; you can initiate some alerts by common
vulnerability scanners (nessus). There are also some specialized
vulnerability&stress testers for specific www and ftp servers (babel for
example), you should test them too.
The snort (www.snort.org) IDS uses large and well defined set of
alert-rules and these rules might be used to generate "malicious"
traffic and therefore test the NIDS. There are some free tools to
perform this.
Check the internet for results of previous testing and for methodology
of the tests, half-cocked execution of skript-kiddies tools won't give
you relevant results.
You should also test false negatives by pluging network printers,
invalid url requests, etc. However I do not know any false negatives
testing tool.

=======================================
2nd Lt Martin Hlavacek
---------------------------------------
Department of IT, University of Defense
Czech Armed Forces, Czech Republic
=======================================
e-mail:   martin.hlavacek () vabo cz
icq:      66631356

-----Original Message-----
From: John Madden [mailto:chiwawa999 () yahoo com]
Sent: Monday, August 30, 2004 3:00 PM
To: pen-test () securityfocus com
Subject: Test scripts for NIDS


Hi all,

I'm looking for tools that can test the effectiveness
of an NIDS like:

- How much load can it take before dropping packets ?
- What attacks can it detect or not detect

etc...

Any suggestions would be appreciated.

Thanks



------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

Current thread:

Re: Test scripts for NIDS, (continued)
- Re: Test scripts for NIDS cruxpot (Aug 31)
- RE: Test scripts for NIDS Matt Foster (Aug 31)
- Re: Test scripts for NIDS Jose Maria Lopez (Aug 31)
- Re: Test scripts for NIDS Peter Van Epp (Sep 01)
- RE: Test scripts for NIDS Arndt . WA (Sep 01)
  - RE: Test scripts for NIDS Jose Maria Lopez (Sep 01)
  - RE: Test scripts for NIDS John Madden (Sep 02)
    - Re: Test scripts for NIDS Peter Van Epp (Sep 03)
    - Re: Test scripts for NIDS ADT (Sep 07)
- Re: Test scripts for NIDS Jose Maria Lopez (Sep 01)
- RE: Test scripts for NIDS por. Ing. Martin Hlavacek (Sep 01)
- RE: Test scripts for NIDS Bénoni MARTIN (Sep 02)
- Re: Test scripts for NIDS Iván Arce (Sep 02)