RE: Test scripts for NIDS

From: por. Ing. Martin Hlavacek (martin.hlavacek@vabo.cz)
Date: Sat Aug 28 2004 - 22:24:18 EDT

• Next message: Aditya: "RE: Help Exploiting MQ"
• Previous message: Jose Maria Lopez: "RE: listing directory structure within webserver root"
• In reply to: Stong, Ian C. (Contractor): "RE: Test scripts for NIDS"
• Next in thread: Singh, Yashpal: "RE: Test scripts for NIDS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,
the answer depends on the scale and thoroughness of the test you demand.
First step of course is nmaping (www.insecure.org/nmap) with some
aggressive switches turned on; you can initiate some alerts by common
vulnerability scanners (nessus). There are also some specialized
vulnerability&stress testers for specific www and ftp servers (babel for
example), you should test them too.
The snort (www.snort.org) IDS uses large and well defined set of
alert-rules and these rules might be used to generate "malicious"
traffic and therefore test the NIDS. There are some free tools to
perform this.
Check the internet for results of previous testing and for methodology
of the tests, half-cocked execution of skript-kiddies tools won't give
you relevant results.
You should also test false negatives by pluging network printers,
invalid url requests, etc. However I do not know any false negatives
testing tool.

=======================================
2nd Lt Martin Hlavacek
---------------------------------------
Department of IT, University of Defense
Czech Armed Forces, Czech Republic
=======================================
e-mail: martin.hlavacek@vabo.cz
icq: 66631356

> -----Original Message-----
> From: John Madden [mailto:chiwawa999@yahoo.com]
> Sent: Monday, August 30, 2004 3:00 PM
> To: pen-test@securityfocus.com
> Subject: Test scripts for NIDS
>
>
> Hi all,
>
> I'm looking for tools that can test the effectiveness
> of an NIDS like:
>
> - How much load can it take before dropping packets ?
> - What attacks can it detect or not detect
>
> etc...
>
> Any suggestions would be appreciated.
>
> Thanks

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

• Next message: Aditya: "RE: Help Exploiting MQ"
• Previous message: Jose Maria Lopez: "RE: listing directory structure within webserver root"
• In reply to: Stong, Ian C. (Contractor): "RE: Test scripts for NIDS"
• Next in thread: Singh, Yashpal: "RE: Test scripts for NIDS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:02 EDT