Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Worm attack generation tools

from [Robert D. Holtz] Network Security [Permanent Link]
Subject: RE: Worm attack generation tools
Date: Fri, 18 Aug 2006 19:50:15 -0500 
Use the worms themselves if you're testing IDS/IPS systems.  

Just isolate them and setup a test system that you infect with the worms.
Use this system to pound away at the IDS.  

If you need more systems you can always throw VMWare onto your test system
and create them virtually.

Nothing better to test with than the real thing!

-----Original Message-----
From: Joey Peloquin [mailto:joeyp@cotse.net] 
Sent: Friday, August 18, 2006 7:50 AM
To: miaomitiff119
Cc: focus-ids@securityfocus.com
Subject: Re: Worm attack generation tools

miaomitiff119 wrote:

Hi,:)
Does anyone know any tools which can be used to simulate attack traffic
(especially traffic pattern of worm attacks)? It is for the purpose of
testing IDSs. I've looked at PACKIT and Netcat, but they can't generate
"simultaneous" connections which is required for generating worm spreading
behaviour...(or are there any ways to use PACKIT or Netcat to generate
simultaneous connections?)

Many thanks!:)


Assuming you're wanting to test detections versus connections per second,
you might try Tomahawk.  We used it for testing NIPS, but I don't see why
you couldn't use it for IDS as well.

http://tomahawk.sourceforge.net/

It's been discussed on this list before, ad nauseam, but keep in mind,
ICSALabs rewrote most of the code for their certification program (v1.1), so
it shouldn't be considered a TippingPoint-leaning tool, as it has in the
past.

-jp

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: What are the best open source cisco pix log analyzers?, kphilipsen
Next by Date:  Re: Worm attack generation tools, Joey Peloquin
Previous by Thread:  Re: Worm attack generation tools, Joey Peloquin
Next by Thread:  Re: Worm attack generation tools, Joey Peloquin
Indexes:  [Date] [Thread] [Top] [All Lists]