Try the Mu-4000 (www.musecurity.com). You can use it to automate all
of the tools listed below in the Mu-4000 platform in addition to what
we call published vulnerability analysis - running known
vulnerabilities (it's a subscribed feed) to audit
networks/utm's/firewalls/idp's/ids's/etc.
Disclaimer: I co-founded Mu and was the chief architect for the IDP
product line from Juniper/Netscreen/Onesecure.
K.
On 8/27/06, SanjayR <sanjayr@intoto.com> wrote:
At 07:23 PM 8/24/2006, Deepak Seth wrote:
>
>Hello Jarleay,
>
>There are lots of tools freely available in the internet that you can use
>for IDS testing:
>1. Nessus
Nessus is a bad choice to test IDS as it is a vulnerability scanner.
so in many cases, it simply look for the version and reports if the
version is vulnerable. Therefore, no corresponding log will be found
in your IDS => many False Negatives (actually leading to FPs!!!!,
i.e. wrong conclusion)
>2. Hping
can be a good tool, but again it is a tool for crafting packets. you
should know what to send.
>3. Nmap
known tool for reconnaissance.
>4. Snort
How?? it itself is an IDS, so please let me know how can I use it to
test an IDS?
>5. TCP Replay
Again, it is a pcap file re-transmission tool. you need to have
capture of attacks.
>6. Netcat
Again good for reconnaissance and sending data, if you know what to send.
In my opinion, apart from tools mentioned in other mails under the
same thread, Metasploit (free) and TrafficIQ (commercial) and Core
Impact (commercial) are good choices.
Regards
-Sanjay
Sanjay Rawat
Security Research Engineer
INTOTO Software (India) Private Limited
Uma Plaza, Nagarjuna Hills
PunjaGutta,Hyderabad 500082 | India
Office: + 91 40 23358927/28 Extn 424
Website : www.intoto.com
Homepage: http://sanjay-rawat.tripod.com
>Search for these toold in google and you will get the corresponding
website.
>
>-Deepak
>
>-----Original Message-----
>From: jarleay@gmail.com [mailto:jarleay@gmail.com]
>Sent: Monday, August 21, 2006 10:14 PM
>To: focus-ids@securityfocus.com
>Subject: IDS testing tools
>
>I'm currently trying to find tools to test my IDS setup. I'm having problems
>finding active web pages where I can download tools like SNOT and STICK for
>download.
>
>
>1. Do you guys have any good sites that work properly for download?
>
>
>2. Do you recommend other good tools for testing? This is only a small LAN
>with one IDS
>
>
>3. Should I run the attacking machine on Winxp or some linux version? I'm
>most familiar with windows :(
>
>
>Cheers!
>
>------------------------------------------------------------------------
>Test Your IDS
>
>Is your IDS deployed correctly?
>Find out quickly and easily by testing it with real-world attacks from CORE
>IMPACT.
>Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
>to learn more.
>------------------------------------------------------------------------
>
>
>------------------------------------------------------------------------
>Test Your IDS
>
>Is your IDS deployed correctly?
>Find out quickly and easily by testing it
>with real-world attacks from CORE IMPACT.
>Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
>to learn more.
>------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
