Re: Testing IDS/IPS Solutions



You could use tcpsic for testing how well the appliance handles fragmented packets, you could use nikto and nessus to see how many attacks each one detects, and finally you could set up a lab with two PCs and try to exploit a known vuln with metasploit to see how well the appliance handles real attacks. There are also some tools that do an HTTP GET flood; that could be interesting to test also.

Jimmy Stewpot wrote:

Hello,

I am currently evaluating some UTM devices (Fortinet, SonicWALL etc. as per my previous posts). So far my testing has been fairly limited. I am currently looking to see if there are any tools around to test these types of devices. Currently my testing is all done through basic Perl scripts; however, the information I get back from them is not really ideal. Any ideas or recommendations would be greatly appreciated.

Regards,

Jimmy.

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------




--
         Andres Riancho
     www.securearg.net <http://www.securearg.net/>
  /Secure from the source/
