Intrusion Detection Systems mailing list archives

Re: Assessment tools/Scanners


From: rgula () network-defense com (Ron Gula)
Date: Sat, 09 Oct 1999 09:13:05 -0700




All IDS products are developed with internal test suites that determine
whether or not a given IDS signature works.  If you are potentially making a
serious investment in an IDS (volume licenses are not cheap), you should
justifiably be able to ask each vendor for their internal test suite to
compare against each IDS.  If you are a low-volume buyer, this probably
won't work for you as producers will be reluctant to release internal test
tools.

As a vendor, I am not comfortable releasing our test suite of tools. Instead,
we maintain logs of network attacks that we have collected with Dragon from
places like DEFCON and SANS ID-Net. These logs may be trivially converted to
TCPDUMP format for network replay. This technique is much simpler than a suite
of tools because now the customer doesn't have to find an SGI box, a Solaris
box or whatever other hardware is needed to run the suite.

Ron Gula
Network Security Wizards
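
The log-to-TCPDUMP conversion mentioned in the message above, as an added example that is not part of the original post and is not Dragon code. It assumes each log record has already been decoded into a timestamp and a raw Ethernet frame (Dragon's real log layout is not described in the post); the function names and the sample frames are constructed for illustration.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4        # classic libpcap file, microsecond timestamps
LINKTYPE_ETHERNET = 1
GLOBAL_HDR = "<IHHiIII"        # magic, ver major/minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "<IIII"           # ts_sec, ts_usec, captured length, original length

def write_pcap(records, out, snaplen=65535):
    """Write (epoch_seconds, frame_bytes) records to a pcap stream; return packets written."""
    out.write(struct.pack(GLOBAL_HDR, PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
    written = 0
    for ts, frame in sorted(records, key=lambda r: r[0]):   # keep capture order for replay
        if len(frame) < 14:                                  # no full Ethernet header: skip
            continue
        sec, usec = divmod(int(round(ts * 1_000_000)), 1_000_000)
        captured = frame[:snaplen]
        out.write(struct.pack(RECORD_HDR, sec, usec, len(captured), len(frame)))
        out.write(captured)
        written += 1
    return written

def read_pcap(stream):
    """Parse the stream back into (sec, usec, frame) tuples to verify the conversion."""
    header = struct.unpack(GLOBAL_HDR, stream.read(24))
    if header[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap stream")
    packets = []
    while len(hdr := stream.read(16)) == 16:
        sec, usec, incl_len, _orig_len = struct.unpack(RECORD_HDR, hdr)
        data = stream.read(incl_len)
        if len(data) != incl_len:
            raise ValueError("truncated packet record")
        packets.append((sec, usec, data))
    return packets

def convert_sample():
    """Convert three constructed records (one damaged) and read the result back."""
    eth = bytes.fromhex("020000000002" "020000000001" "0800")  # constructed MACs, IPv4
    records = [
        (939485586.25, eth + b"\x45" + bytes(39)),   # constructed 40-byte payload
        (939485585.5, eth + b"\x45" + bytes(19)),    # constructed 20-byte payload, earlier
        (939485587.0, b"\x00\x01"),                  # damaged record, dropped
    ]
    buf = io.BytesIO()
    written = write_pcap(records, buf)
    buf.seek(0)
    return written, read_pcap(buf)

if __name__ == "__main__":
    print(convert_sample())
```

Writing the same bytes to a file instead of a BytesIO gives a capture that tcpdump -r can read, so the replayed traffic can be checked before it is pointed at the IDS under evaluation.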


