IDS: RE: IDS testing tools

RE: IDS testing tools

From: SanjayR <sanjayr_at_intoto.com>
Date: Mon, 28 Aug 2006 09:17:54 +0530

At 07:23 PM 8/24/2006, Deepak Seth wrote:
>
>Hello Jarleay,
>
>There are lots of tools freely available on the Internet that you can use
>for IDS testing:

>1. Nessus

Nessus is a bad choice to test an IDS as it is a vulnerability scanner.
So in many cases, it simply looks for the version and reports if the
version is vulnerable. Therefore, no corresponding log will be found
in your IDS => many False Negatives (actually leading to FPs!!!!,
i.e. wrong conclusion)

>2. Hping

Can be a good tool, but again it is a tool for crafting packets. You
should know what to send.

>3. Nmap

Known tool for reconnaissance.

>4. Snort

How?? It is itself an IDS, so please let me know how I can use it to
test an IDS?

>5. TCP Replay

Again, it is a pcap file re-transmission tool. You need to have
a capture of attacks.

>6. Netcat

Again good for reconnaissance and sending data, if you know what to send.

In my opinion, apart from the tools mentioned in other mails under the
same thread, Metasploit (free), TrafficIQ (commercial) and Core
Impact (commercial) are good choices.

Regards
-Sanjay

Sanjay Rawat
Security Research Engineer
INTOTO Software (India) Private Limited
Uma Plaza, Nagarjuna Hills
PunjaGutta,Hyderabad 500082 | India
Office: + 91 40 23358927/28 Extn 424
Website : www.intoto.com

   Homepage: http://sanjay-rawat.tripod.com

>Search for these tools in Google and you will get the corresponding website.
>
>-Deepak
>
>-----Original Message-----
>From: jarleay_at_gmail.com [mailto:jarleay_at_gmail.com]
>Sent: Monday, August 21, 2006 10:14 PM
>To: focus-ids_at_securityfocus.com
>Subject: IDS testing tools
>
>I'm currently trying to find tools to test my IDS setup. I'm having problems
>finding active web pages where I can download tools like SNOT and STICK for
>download.
>
>
>1. Do you guys have any good sites that work properly for download?
>
>
>2. Do you recommend other good tools for testing? This is only a small LAN
>with one IDS
>
>
>3. Should I run the attacking machine on Winxp or some linux version? I'm
>most familiar with windows :(
>
>
>Cheers!
Received on Aug 30 2006
