RE: Remote IDS Testing



If you want to "replay" pcap traffic captures through the IDS this is
pretty good tool:
http://tcpreplay.sourceforge.net/

With it you can reply pcap traffic at arbitrary speeds.

Thanks,
Mike

-----Original Message-----
From: Lachlan Bowes [mailto:lachlan@xxxxxxxxxxxxxxxx]
Sent: November 27, 2005 3:07 AM
To: just1coder
Cc: focus-ids@xxxxxxxxxxxxxxxxx
Subject: Re: Remote IDS Testing


There are many open source vulnerability scanners out there. Nessus is
one of the more popular and its very easy to use.

If you're looking for a way to test if your IDS then running scans on
your ip block with nessus should trigger plenty of alerts.

There are plenty of open source pen testing tools available.
www.insecure.org/tools.html to list a few.

Regards,
Lachlan


On Thu, 2005-11-24 at 11:47 -0500, just1coder wrote:
> Could someone point me to a few remote IDS testing locations? I would
> like to have my IP block scanned by a third party tool / application
for
> vulnerabilities. Any downloadable tools too would be great.
>
> ----------------------------------------------------------------------
> --
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
>
------------------------------------------------------------------------
>
>


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------



Relevant Pages

  • Re: IDS Evaluation
    ... vulnerability scanning). ... We actually include a limited license copy of Core Impact with our ... Evaluation boxes that we ship so people can easily evaluate our IPS ... >> about the accuracy of the ids. ...
    (Focus-IDS)
  • Re: RE: IDS testing tools
    ... Nessus is a bad choice to test IDS as it is a vulnerability scanner. ... >Find out quickly and easily by testing it with real-world attacks from CORE ... >with real-world attacks from CORE IMPACT. ...
    (Focus-IDS)
  • Re: Host Based IDS
    ... Assunto: RE: Host Based IDS ... Anitian Enterprise Security ... with real-world attacks from CORE IMPACT. ...
    (Focus-IDS)
  • RE: IDS
    ... Subject: IDS ... Safe Access that does pretty much what you describe. ... Find out quickly and easily by testing it with real-world attacks from ... with real-world attacks from CORE IMPACT. ...
    (Focus-IDS)
  • RE: IDS event filtering
    ... It is important to avoid tuning out real attacks when they happen by having over-pruned the inside attack tree... ... > ingress - egress firewall rules, IDS configs, or whatever. ... > CORE IMPACT. ... > Find out quickly and easily by testing it with real-world attacks from ...
    (Focus-IDS)