Re: [PEN-TEST] IDS Testing

[jeru <jeru () NEWHACKCITY NET>]

A tool that we've had success in finding DoS for firewall
and IDS products is ISIC. If you're not familiar with it,
its a great tool written by Mike Frantzen that generates
pseudo random bad traffic. When using it
always set a seed so you'll be able to reproduce/narrow
down the packet causing the DoS. Hope it helps.
It available here and requires libnet.

http://expert.cc.purdue.edu/~frantzen/isic-0.05.tgz

--jeru


On Tue, 12 Dec 2000, Dunker, Noah wrote:

> My favorite method of testing NID systems (like RealSecure,
> NetProwler, and friends) is just by using common tools
> that were designed for NIDS evasion.  Of these tools, nmap,
> whisker, and fragrouter all deserve honorable mention.
>
> I also like to play with DoS tools.  I believe jolt2 and
> trash on the local network were both able to freeze up
> some of the the NIDS engine systems I tested (blinding the
> NIDS), while still maintaining enough bandwidth to leverage
> other attacks and remain undetected.  If I recall correctly,
> RealSecure does some wicked things when you try to directly
> DoS the engine.  I think it did something with arp that sort
> of munged my Linux laptop's ability to talk on the network,

snip

> -----Original Message-----
> From: Roger Roberts [mailto:rogerwroberts2000 () YAHOO COM]
> Sent: Tuesday, December 12, 2000 10:06 AM
> To: PEN-TEST () SECURITYFOCUS COM
> Subject: IDS Testing
>
>
> Hello all,
> We here are going to be conducting a local testing on
> a proposal IDS System (Real Secure).  I would like to
> know if anyone has written test documentation or other
> show stoppers they accomplished during the test.
>
> Thanks
>
> Roger
>
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Shopping - Thousands of Stores. Millions of Products.
> http://shopping.yahoo.com/