Hi Elias,
Which IDS product are you testing?
Instead of looking for pcap files, you can use a packet generation tool to
reproduce the malicious traffic
(like hping, nemesis, Engage Packet Builder, etc.). Even if you get sources, I
am pretty sure they will get
detected by your IDS.
If you really want to test the IDS, look for IDS evasion tools. That will really
test your IDS product.
Thank you,
Regards,
Ratna Kumar
----- Original Message -----
From: "Elias-Bachrach, Ari (HQ-WRH10)" <[EMAIL PROTECTED]>
To: "Focus-Ids Mailing List" <[email protected]>
Sent: Tuesday, February 14, 2006 3:37 AM
Subject: Testing IDS with tcpreplay
I'm trying to do some IDS testing, and after digging through the list
archives, the method that appeals the most to me (based on it being both
free and very useful for my current situation), is using tcpreplay with
some pcap files to replay various network attacks and see if the IDS picks
them up. My problem is this - I can't seem to locate a good source of pcap
files online that I can replay. I've tried the usual suspects (defcon,
sourcefire, etc.), but I can't seem to locate any. If anyone knows of any
trace files of network attacks (especially successful attacks) that can be
replayed to test an IDS, I'd certainly appreciate it.
thanks
Ari Elias-Bachrach
NASA OIG
[EMAIL PROTECTED]
(202) 358-4578