Penetration Testing mailing list archives
Re: Triggering IDS
From: Jean-Philippe Luiggi <jp.luiggi () free fr>
Date: Thu, 16 Mar 2006 13:49:34 -0500
On Wed, Mar 15, 2006 at 03:08:30PM +0000, AdamT wrote:
Dear all, Y'know how there's the EICAR anti virus test file, which lets you see if your anti-virus is working, well, I was wondering if there was something similar to let you see what happens when your IDS triggers? Should I just send a lot of NOPs in a TCP session, or make obvious port scans, or is there some kind of 'industry standard' way to deliberately trigger IDS alarms?
Hello, The response is not obvious as it's often a good idea to tune the IDS to meet your need. More, there're tools which may run as the admin wants : An example is the IDS "Bro" (http://bro-ids.org), it uses a specialized policy language that allows a site to tailor Bro's operation, both as site policies evolve and as new attacks are discovered. If Bro detects something of interest, it can be instructed to either generate a log entry, alert the operator in real-time, orinitiate the execution of an operating system command (e.g., to terminate a connection or block a malicious host on-the-fly). Best regards. ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/forms/ec.php?pubid=10025 And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com ------------------------------------------------------------------------------
Current thread:
- Triggering IDS AdamT (Mar 15)
- RE: Triggering IDS chewy (Mar 16)
- Re: Triggering IDS Ivan . (Mar 16)
- Re: Triggering IDS Christine Kronberg (Mar 16)
- Re: Triggering IDS Andres Riancho (Mar 16)
- Re: Triggering IDS Jean-Philippe Luiggi (Mar 16)
- <Possible follow-ups>
- Re: Triggering IDS bart (Mar 16)
- Re: Re: Triggering IDS bwallace (Mar 18)