miaomitiff119 wrote:
> Hi,:)
> Does anyone know any tools which can be used to simulate attack traffic
> (especially traffic pattern of worm attacks)? It is for the purpose of
> testing IDSs. I've looked at PACKIT and Netcat, but they can't generate
> "simultaneous" connections which is required for generating worm spreading
> behaviour...(or are there any ways to use PACKIT or Netcat to generate
> simultaneous connections?)
>
> Many thanks!:)
Assuming you're wanting to test detections versus connections per second,
you might try Tomahawk. We used it for testing NIPS, but I don't see why
you couldn't use it for IDS as well.
http://tomahawk.sourceforge.net/
It's been discussed on this list before, ad nauseam, but keep in mind,
ICSALabs rewrote most of the code for their certification program (v1.1), so
it shouldn't be considered a TippingPoint-leaning tool, as it has in the past.
-jp
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
Received on Aug 18 2006
Intro
