Re: To test IPS/IDS box.



There are several tools that you can use to aid in testing.

I would use some automated scanning tools first such as Nessus; this will show you how much information can be gathered about a remote system.

Metasploit can also be of use in this situation. I would suggest looking into the ips_filter.rb plugin.

You can also check some conference archives, and SANS reading room for more ideas, and techniques.

http://www.sans.org/reading_room/

http://www.blackhat.com/html/bh-media-archives/bh-multimedia-archives-index.html

I know that there was a presentation that was done in 2006 about, ids and ips evasion. I am sure that there are ton's of others.

Joshua Gimer


On May 5, 2008, at 11:10 AM, Jamie Riden wrote:

Try to break into the network (make sure you have explicit permission
first!) and see if it stops you, or alerts. Have a play with nessus,
nmap and metasploit for example.

I wouldn't actually go as far as attempting to infect the network with
a virus- if it did work then you would have serious problems. You
could try it on a completely isolated test network.

cheers,
Jamie

On 05/05/2008, Paari <paarim@xxxxxxxxxxxxxxx> wrote:

Hi guys,

Can you please give me some reference or links on how to test IPS/IDS
hardware box.


Thanks,
Paari

--
Jamie Riden / jamesr@xxxxxxxxxx / jamie@xxxxxxxxxxxxxxx
UK Honeynet Project: http://www.ukhoneynet.org/

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
------------------------------------------------------------------------