|
IDS
mailing list archives
Re: IDS Testing Method
From: Ravi Kumar <ravivsn () rocsys com>
Date: Mon, 26 Jul 2004 10:46:23 +0530
Hi,
Testing IDS/IPS signatures is little bit complex for sure but we at
ROCSYS are succesfull in testing almost all the exisitng snort
signatures. ROCSYS also tests with latest vulnerabilites/exploits taken
from http://www.securiteam.com
we have customised tools to test IPS signatures automatically, For more
information please drop us an email to me or support () rocsys com
Best Regards,
-Ravi
ROCSYS Technologies Ltd.,
Hyderabad
http://www.rocsys.com
Majed Mohammed Ayoub Al-Shodari wrote:
Dear NAVTEJ,
As you know there are thousands of the signatures of the NIDS. And it
divided to categories. And you should know you cannot test them all,
therefore, try to have many signatures from each category and do your test
depends on the signature behaviour.
If you select the required signatures for your test, please let me know
which signatures to provide you by the methodology to test them all.
If you need any further info, please don't hesitate to call me or drop me an
email.
Thank you and best regards
--------------------------------------
Majed Mohammed Ayoub
Tel. :(966-2) 606-6556 Ext. ( 361 )
Fax :(966-2) 606-1342 Ext. ( 1361 )
Mobile:(966-50) 33-67-69-1
Information Systems Security Administrator
Technical Services Section
Information Technology Department
P. O. Box 4384 Jeddah 21491
Kingdom of Saudi Arabia
-----Original Message-----
From: M Shirk
To: focus-ids () securityfocus com
Sent: 7/21/2004 2:17 PM
Subject: RE: IDS Testing Method
If it is snort, you can use sneeze.pl to generate alerts. Also the
common
way to test the IDS is to use a vulnerability scanner like Nessus and
scan a
box, then run TCPDUMP and compare the packet count to make sure you are
not
dropping packets.
If you are speaking of signatures, I usually just create or compile the
exploits to make sure I am alerting on the traffic.
Shirkdog
-----Original Message-----
From: tonavtejkohli () hotmail com [mailto:tonavtejkohli () hotmail com]
Sent: Tuesday, July 20, 2004 6:48 AM
To: focus-ids () securityfocus com
Subject: IDS Testing Method
Importance: Low
Hi Lists,
I'm trying to find out ways of testing different IDS systems. Is there
any
way, recommended'/best practice methodology for testing Network based
IDS
(NIDS)
?
It would be very nice of you if anyone can give me some technical
hints.
Any information - papers, tools, links and own experience are much
appreciated.
Hoping for a reply soon from your side.
Regards,
NAVTEJ KOHLI
_________________________________________________________________
Discover the best of the best at MSN Luxury Living.
http://lexus.msn.com/
------------------------------------------------------------------------
--
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
--
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
- Re: IDS Testing Method, (continued)
|
Intro
