Use the worms themselves if you're testing IDS/IPS systems. Just isolate them and setup a test system that you infect with the worms. Use this system to pound away at the IDS.
If you need more systems you can always throw VMWare onto your test system and create them virtually. Nothing better to test with than the real thing! -----Original Message----- From: Joey Peloquin [mailto:[EMAIL PROTECTED] Sent: Friday, August 18, 2006 7:50 AM To: miaomitiff119 Cc: [email protected] Subject: Re: Worm attack generation tools miaomitiff119 wrote: > Hi,:) > Does anyone know any tools which can be used to simulate attack traffic > (especially traffic pattern of worm attacks)? It is for the purpose of > testing IDSs. I've looked at PACKIT and Netcat, but they can't generate > "simultaneous" connections which is required for generating worm spreading > behaviour...(or are there any ways to use PACKIT or Netcat to generate > simultaneous connections?) > > Many thanks!:) Assuming you're wanting to test detections versus connections per second, you might try Tomahawk. We used it for testing NIPS, but I don't see why you couldn't use it for IDS as well. http://tomahawk.sourceforge.net/ It's been discussed on this list before, ad nauseam, but keep in mind, ICSALabs rewrote most of the code for their certification program (v1.1), so it shouldn't be considered a TippingPoint-leaning tool, as it has in the past. -jp ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
