Re: Triggering IDS

[Andres Riancho <andres.riancho () gmail com>]

Hi Adam,

   When I need to do something like that I use one of the following :

       idswakeup
       nmap -O -T Aggresive ip-behind-ids

   If the other end is a webserver and you need a really quick test :

       wget http://ip-behind-ids/../../../../././etc/passwd

   If nothing triggers your IDS you should try with:

       Nessus
       nikto

   If you need to do many tests, you could use tcpdump to capture an 
attack and then tcpreplay to resend those packets. There is also a 
project called tomahawk that you should check.

Cheers,

Andres Riancho
http://www.securearg.net/

AdamT wrote:
> Dear all,
>
> Y'know how there's the EICAR anti virus test file, which lets you see
> if your anti-virus is working, well, I was wondering if there was
> something similar to let you see what happens when your IDS triggers?
>
> Should I just send a lot of NOPs in a TCP session, or make obvious
> port scans, or is there some kind of 'industry standard' way to
> deliberately trigger IDS alarms?
>
> --
> AdamT
> 'Thank-you for not requesting read receipts'
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security? 
> As attacks through web applications continue to rise, you need to proactively 
> protect your applications from hackers. Cenzic has the most comprehensive 
> solutions to meet your application security penetration testing and 
> vulnerability management needs. You have an option to go with a managed 
> service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). 
> Download FREE whitepaper on how a managed service can help you: 
> http://www.cenzic.com/news_events/wpappsec.php 
> And, now for a limited time we can do a FREE audit for you to confirm your 
> results from other product. Contact us at request () cenzic com
> ------------------------------------------------------------------------------
>
>   


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
As attacks through web applications continue to rise, you need to proactively 
protect your applications from hackers. Cenzic has the most comprehensive 
solutions to meet your application security penetration testing and 
vulnerability management needs. You have an option to go with a managed 
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). 
Download FREE whitepaper on how a managed service can help you: 
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com
------------------------------------------------------------------------------