Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Test scripts for NIDS
From: Bénoni MARTIN <Benoni.MARTIN () libertis ga>
Date: Wed, 1 Sep 2004 10:43:35 +0100

There is a Windoze tool called RafaleX (was named after in Engage Packet Builder, if I am right), free, which allows to 
forge TCP/UDP/ICMP traffic via a very nice GUI.

I think you can also tell him how many packets you want to send ... 

-----Message d'origine-----
De : cruxpot [mailto:cruxpot () runbox com] 
Envoyé : mardi 31 août 2004 15:40
À : John Madden; pen-test () securityfocus com
Objet : Re: Test scripts for NIDS

I'm looking for tools that can test the effectiveness of an NIDS like:

- How much load can it take before dropping packets ?

You need a traffic generator. The best layer 4-7 generator available, in my opinion, is Spirent Avalanche/Reflector. 
But it's expensive. I'd like to hear if someone has actually used a good non-commercial or cheaper solution to do this 
where real stateful traffic is created rather than dummy packets for load testing purposes. I still hold the opinion 
that this tool is required to perform a proper load/stress test because nothing comes close to its power and 
application protocol support.

- What attacks can it detect or not detect

Use exploit toolkits like Metasploit or CANVAS or compile your own which are available from the Internet. 
Alternatively, there are attack replay tools like Blade IDS Informer or you can use the tcpreplay tool to replay pcap 
files.

Refer to http://osec.neohapsis.com/ and
http://www.nss.co.uk/Articles_wpapers.htm for more ideas on testing NIDS.
There are many variations you can perform for testing NIDS effectiveness while it is under load from different sorts of 
traffic.

+crux


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate 
one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write 
exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the 
security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------




------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]