From: Frederic Charpentier (fcharpentier@xmcopartners.com)
Date: Thu Mar 11 2004 - 04:30:06 EST
hi.
Some tools are ok to test an IDS, but this is not the best way to do that.
A tool will generate stupids triggers to wake up your IDS, like old CGIs
attacks et low-level tcp/ip tricks.
The best way is to be understand the patterns you set up in your IDS.
No matters that some stupid guys performs ping-attacks or silly cgis
attacks !!
* Try bufferoverflow/shellcodes patterns, and do simple test like :
copy/paste a shellcode into a telnet session.
* For http intrusion detection, detecting IIS nimda attacks is not
efficient, try to trigger your IDS with XSS/SQL-Injection techniques is
much more efficient:
sample :
http://website/script?req=