Re: Triggering IDS

From: Andres Riancho (andres.riancho@gmail.com)
Date: Thu Mar 16 2006 - 12:17:08 EST

• Next message: Chris Dalton: "RE: Legality of blue tooth hacking"
• Previous message: Tim Hurman: "Re: Legality of blue tooth hacking"
• In reply to: AdamT: "Triggering IDS"
• Next in thread: Jean-Philippe Luiggi: "Re: Triggering IDS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Adam,

    When I need to do something like that I use one of the following :

        idswakeup
        nmap -O -T Aggresive ip-behind-ids

    If the other end is a webserver and you need a really quick test :

        wget http://ip-behind-ids/../../../../././etc/passwd

    If nothing triggers your IDS you should try with:

        Nessus
        nikto

    If you need to do many tests, you could use tcpdump to capture an
attack and then tcpreplay to resend those packets. There is also a
project called tomahawk that you should check.

Cheers,

Andres Riancho
http://www.securearg.net/

AdamT wrote:
> Dear all,
>
> Y'know how there's the EICAR anti virus test file, which lets you see
> if your anti-virus is working, well, I was wondering if there was
> something similar to let you see what happens when your IDS triggers?
>
> Should I just send a lot of NOPs in a TCP session, or make obvious
> port scans, or is there some kind of 'industry standard' way to
> deliberately trigger IDS alarms?
>
> --
> AdamT
> 'Thank-you for not requesting read receipts'
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> As attacks through web applications continue to rise, you need to proactively
> protect your applications from hackers. Cenzic has the most comprehensive
> solutions to meet your application security penetration testing and
> vulnerability management needs. You have an option to go with a managed
> service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
> Download FREE whitepaper on how a managed service can help you:
> http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to confirm your
> results from other product. Contact us at request@cenzic.com
> ------------------------------------------------------------------------------
>
>

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com
------------------------------------------------------------------------------

• Next message: Chris Dalton: "RE: Legality of blue tooth hacking"
• Previous message: Tim Hurman: "Re: Legality of blue tooth hacking"
• In reply to: AdamT: "Triggering IDS"
• Next in thread: Jean-Philippe Luiggi: "Re: Triggering IDS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:41 EDT