Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: IDS Evaluation

from [Ron Gula] Network Security [Permanent Link]
Subject: Re: IDS Evaluation
Date: Mon, 28 Mar 2005 12:33:51 -0500
At 12:27 PM 3/25/2005, you wrote: 
Hi,

i'm developing a project which consist on evaluating IDSs. I'm thinking
of using nessus as a tool to test the number of malicious packets sent
to the ids, and the number of good ones, in order to take statistics
about the accuracy of the ids. Any idea about this?

Thanks for your help. 

Nessus has a lot of anti-ids features which still bypass some systems
today. If you don't have a UNIX box to run Nessus, you could also try
the NeWT scanner which does not have a cost for Class-C usage.

However, when you run vuln scanners against an IDS, you only really
test how an IDS detects vuln scanning. You should also add into you
test suite tools which conduct active exploitation. There is a big
difference between testing a system to see if it's version of bind
is vulnerable, and actually executing an overflow. What the IDS
reports in both cases can be astonishingly clear, or very disappointing.

Ron Gula, CTO
Tenable Network Security
http://www.tenablesecurity.com
http://www.nessus.org






--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: IDS/IPS Management devices, Dante Mercurio
Next by Date:  Re: New Gigabit IDS report, Bob Walder
Previous by Thread:  RE: IDS Evaluation, Matt Foster
Next by Thread:  Re: IDS Evaluation, sam f. stover
Indexes:  [Date] [Thread] [Top] [All Lists]