Re: To test IPS/IDS box.

---

• From: Joshua Gimer <jgimer@xxxxxxxxx>
• Date: Mon, 5 May 2008 13:28:39 -0600

---

There are several tools that you can use to aid in testing.

I would use some automated scanning tools first such as Nessus; this will show you how much information can be gathered about a remote system.

Metasploit can also be of use in this situation. I would suggest looking into the ips_filter.rb plugin.

You can also check some conference archives, and SANS reading room for more ideas, and techniques.

http://www.sans.org/reading_room/

http://www.blackhat.com/html/bh-media-archives/bh-multimedia-archives-index.html

I know that there was a presentation that was done in 2006 about, ids and ips evasion. I am sure that there are ton's of others.

Joshua Gimer


On May 5, 2008, at 11:10 AM, Jamie Riden wrote:

Try to break into the network (make sure you have explicit permission
first!) and see if it stops you, or alerts. Have a play with nessus,
nmap and metasploit for example.

I wouldn't actually go as far as attempting to infect the network with
a virus- if it did work then you would have serious problems. You
could try it on a completely isolated test network.

cheers,
Jamie

On 05/05/2008, Paari <paarim@xxxxxxxxxxxxxxx> wrote:

Hi guys,

Can you please give me some reference or links on how to test IPS/IDS
hardware box.


Thanks,
Paari

--
Jamie Riden / jamesr@xxxxxxxxxx / jamie@xxxxxxxxxxxxxxx
UK Honeynet Project: http://www.ukhoneynet.org/

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
------------------------------------------------------------------------

---

• Follow-Ups:
  • Re: To test IPS/IDS box.
    • From: Leon Ward

• References:
  • To test IPS/IDS box.
    • From: Paari
  • Re: To test IPS/IDS box.
    • From: Jamie Riden

• Prev by Date: Re: To test IPS/IDS box.
• Next by Date: Single and Double flux DNS activity detection and prevention
• Previous by thread: Re: To test IPS/IDS box.
• Next by thread: Re: To test IPS/IDS box.
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-ids  > 2008-05