Re: Evaluation for IDS
From: Kurt Seifried (bugtraq@seifried.org)
Date: 09/28/01
- Previous message: Matt Collins: "Re: The old question..."
- In reply to: hu jinhua: "Evaluation for IDS"
- Next in thread: Kohlenberg, Toby: "RE: Evaluation for IDS"
Message-ID: <003701c14812$6eba5140$6400030a@seifried.org>
From: "Kurt Seifried" <bugtraq@seifried.org>
To: "hu jinhua" <hujh@neusoft.com>, <focus-ids@securityfocus.com>
Subject: Re: Evaluation for IDS
Date: Fri, 28 Sep 2001 05:40:53 -0600
One simple way would be to shove a lot of traffic through and then launch
attacks (get code from packetstorm or similar). You know what you are
sending, and by checking the reports can easily figure out what % of attacks
are detected, also how good the info is (i.e.: "attack foo detected" versus
"attack foo detected, go find all your win2k servers and make sure patch
#xxx is applied"). Plus there are things like Dug Song's fragrouter and
other tools you can use to make the IDS's life more realistic (you better
believe attackers use this stuff).
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/
----- Original Message -----
From: "hu jinhua" <hujh@neusoft.com>
To: <focus-ids@securityfocus.com>
Sent: Friday, September 28, 2001 12:00 AM
Subject: Evaluation for IDS
> I need help about testing methodology for IDS, or
> criteria about evaluating IDS. Who can tell me about
> this?
> Someone who has knowledge about this please
> mail me. My E-mail address is hujh@neusoft.com.
> Thanks very much!
>
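An added example, not part of the original message: one way to score the kind of run described above, by matching a record of what the tester launched against the IDS report and computing the detection percentage per delivery mode (plain versus passed through a fragmenting tool), plus how many alerts carried remediation advice. The record layouts, addresses, case names, advice text and the 5-second matching window are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed test plan: (launch time, source, target, test case, delivery).
LAUNCHED = [
    ("2001-09-28 10:00:05", "10.0.0.5", "10.0.1.20", "case-A", "plain"),
    ("2001-09-28 10:01:10", "10.0.0.5", "10.0.1.21", "case-B", "plain"),
    ("2001-09-28 10:02:30", "10.0.0.5", "10.0.1.20", "case-A", "fragmented"),
    ("2001-09-28 10:03:45", "10.0.0.5", "10.0.1.21", "case-B", "fragmented"),
]

# Constructed IDS report: (alert time, source, target, message, advice).
ALERTS = [
    ("2001-09-28 10:00:06", "10.0.0.5", "10.0.1.20", "case-A detected", "apply vendor patch"),
    ("2001-09-28 10:01:11", "10.0.0.5", "10.0.1.21", "case-B detected", ""),
    ("2001-09-28 10:02:31", "10.0.0.5", "10.0.1.20", "case-A detected", "apply vendor patch"),
    ("2001-09-28 10:07:00", "10.0.0.9", "10.0.1.30", "case-C detected", ""),
]

def score(launched, alerts, window_s=5):
    """Match each launched test to at most one alert and summarise the run."""
    unused = [(datetime.strptime(t, FMT), s, d, m, a) for t, s, d, m, a in alerts]
    per_mode = defaultdict(lambda: {"sent": 0, "detected": 0})
    missed, actionable = [], 0
    for t, src, dst, case, mode in launched:
        start = datetime.strptime(t, FMT)
        per_mode[mode]["sent"] += 1
        # An alert counts only if it names the case, matches the endpoints,
        # and arrives within the window after the launch time.
        hit = next((al for al in unused
                    if al[1] == src and al[2] == dst and case in al[3]
                    and timedelta(0) <= al[0] - start <= timedelta(seconds=window_s)),
                   None)
        if hit is None:
            missed.append((case, mode))
            continue
        unused.remove(hit)            # one alert can explain only one test
        per_mode[mode]["detected"] += 1
        actionable += bool(hit[4])    # alert told the operator what to do
    rates = {m: 100.0 * c["detected"] / c["sent"] for m, c in per_mode.items()}
    return {"rate_pct": rates, "missed": missed,
            "actionable": actionable, "unexplained_alerts": len(unused)}

if __name__ == "__main__":
    print(score(LAUNCHED, ALERTS))
```

Alerts left unmatched at the end are candidates for false positives raised by the background traffic and need to be reviewed by hand.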