Penetration Testing mailing list archives
IDS Assessments....and the I{D|P}S evasion research project
From: Joseph McCray <joe () learnsecurityonline com>
Date: Wed, 15 Nov 2006 16:22:19 -0500
I just doing an IDS assessment where the goal is to fine tune the IDS (reduce false positives/false negatives blah blah blah). It's been a lot of fun, but now I'm curious about how I can get signature verification information more efficiency. Have any of you ever taken the time to develop a list signatures and their corresponding tools and/or exploits that actually trigger every individual signature the IDS has? I know that if someone has attempted this it was VERY IDS specific - like they may have been doing Sourcefire, or Real Secure signatures so no I'm not asking for your documentation. I'm really looking for input, tips, ideas of ways to automate a lot of the testing. I'm looking for this especially for exploits - how did you systematically handle things like: 1. running a specific tool/exploit with varying parameters passed to it 2. verifying that the system was actually exploited 3. verifying that the IDS alert actually triggered 4. verifying that the service is still running after the attempted exploit (restart the service/reboot the box if needed) 5. correlating 1, 2 and 3 above I'm thinking a ton of scripting is going to be the secret here. Any ideas and feedback would be greatly appreciated. -- Joe McCray Toll Free: 1-866-892-2132 Email: joe () learnsecurityonline com Web: https://www.learnsecurityonline.com Learn Security Online, Inc. * Security Games * Simulators * Challenge Servers * Courses * Hacking Competitions * Hacklab Access
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- IDS Assessments....and the I{D|P}S evasion research project Joseph McCray (Nov 15)
- Re: IDS Assessments....and the I{D|P}S evasion research project Sam Gorton (Nov 16)
- Re: IDS Assessments....and the I{D|P}S evasion research project Eric Hacker (Nov 17)
- Re: IDS Assessments....and the I{D|P}S evasion research project Eric Hacker (Nov 16)
- Re: IDS Assessments....and the I{D|P}S evasion research project Raffael Marty (Nov 20)
- Re: IDS Assessments....and the I{D|P}S evasion research project Sam Gorton (Nov 16)