IDS mailing list archives

Re: IDS Evaluation

From: Raffael Marty <rmarty () arcsight com>
Date: Mon, 28 Mar 2005 15:11:18 -0800

For all the framework-aspects of your testing, there is Thor: 

http://thor.cryptojail.net

        -raffy

On Mar 28, 2005, at 12:33 PM, Ron Gula wrote:

However, when you run vuln scanners against an IDS, you only really
test how an IDS detects vuln scanning. You should also add into you
test suite tools which conduct active exploitation.


It's been said before, but I'll say it again.  Metasploit is a great 
tool to use precisely for this purpose:

http://www.metasploit.com/index.html

Not that there aren't others...


-- 

Raffael Marty, GCIA, CISSP                    raffael.marty () arcsight com
Senior Security Engineer                    Content Team @ ArcSight Inc.
5 Results Way            Cupertino, CA  95014             (408) 864-2662

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

Current thread:

IDS Evaluation 1daguerr (Mar 28)
- RE: IDS Evaluation Matt Foster (Mar 31)
- <Possible follow-ups>
- Re: IDS Evaluation Ron Gula (Mar 28)
  - Re: IDS Evaluation sam f. stover (Mar 28)
    - Re: IDS Evaluation Raffael Marty (Mar 29)
  - Re: IDS Evaluation David W. Goodrum (Mar 29)
- RE: IDS Evaluation Maynor, David (ISS Atlanta) (Mar 28)