focus-ids: IDS mailing list archives

Re: IDS Testing Method
From: Andrea Barisani <lcars () infis univ trieste it>
Date: Sun, 25 Jul 2004 19:47:35 +0200

On Thu, Jul 22, 2004 at 02:44:45PM -0400, Nigel Houghton wrote:
> On  0, M Shirk <shirkdog_linux () hotmail com> allegedly wrote:
> > If it is snort, you can use sneeze.pl to generate alerts. Also the common 
> > way to test the IDS is to use a vulnerability scanner like Nessus and scan 
> > a box, then run TCPDUMP and compare the packet count to make sure you are 
> > not dropping packets.
> 
> Sneeze was written for Snort 1.8 and from the looks of it hasn't been
> updated since. It will not generate any useful traffic to test current
> Snort versions. It may, however, generate events on other IDS that do not
> keep track of state.

You could also take a look at FTester:

http://ftester.sourceforge.net

--
------------------------------------------------------------
INFIS Network Administrator & Security Officer         .*. 
Department of Physics       - University of Trieste     V 
lcars () infis univ trieste it - GPG Key 0x864C9B9E      (   )
----------------------------------------------------  (   )
"How would you know I'm mad?" said Alice.             ^^-^^
"You must be,'said the Cat,'or you wouldn't have come here."
------------------------------------------------------------
