Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: IDS Evaluation

from [David W. Goodrum] Network Security [Permanent Link]
Subject: Re: IDS Evaluation
Date: Mon, 28 Mar 2005 23:16:32 -0500
We've been using Core Impact as an exploit tool (as opposed to vulnerability scanning). It's not free, but it's really easy to use, and does some very cool stuff, and helps us show the effectiveness of IPS. We actually include a limited license copy of Core Impact with our Evaluation boxes that we ship so people can easily evaluate our IPS products. (Limited in terms of, it can only exploit 1 IP address, which happens to be a vulnerable server we include in the demo for Core to exploit.) It's really great for showing the effectiveness of IPS, when you remove the IPS from the middle and let Core succeed in compromising the victim. I think somebody already mentioned it on the list, but Metasploit is also very good. I have not used Canvas yet.

-dave

--
David W. Goodrum
(nfr)(security)
http://www.nfr.com



Ron Gula wrote:

At 12:27 PM 3/25/2005, you wrote:

Hi,

i'm developing a project which consist on evaluating IDSs. I'm thinking
of using nessus as a tool to test the number of malicious packets sent
to the ids, and the number of good ones, in order to take statistics
about the accuracy of the ids. Any idea about this?

Thanks for your help. 


Nessus has a lot of anti-ids features which still bypass some systems
today. If you don't have a UNIX box to run Nessus, you could also try
the NeWT scanner which does not have a cost for Class-C usage.

However, when you run vuln scanners against an IDS, you only really
test how an IDS detects vuln scanning. You should also add into you
test suite tools which conduct active exploitation. There is a big
difference between testing a system to see if it's version of bind
is vulnerable, and actually executing an overflow. What the IDS
reports in both cases can be astonishingly clear, or very disappointing.

Ron Gula, CTO
Tenable Network Security
http://www.tenablesecurity.com
http://www.nessus.org






-------------------------------------------------------------------------- 

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
-------------------------------------------------------------------------- 




--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IDS Evaluation, sam f. stover
Next by Date:  IP 127.0.0.1, Javier Otero De Alba
Previous by Thread:  Re: IDS Evaluation, Raffael Marty
Next by Thread:  RE: IDS Evaluation, Maynor, David (ISS Atlanta)
Indexes:  [Date] [Thread] [Top] [All Lists]