Robert D. Holtz wrote: > Use the worms themselves if you're testing IDS/IPS systems. > > Just isolate them and setup a test system that you infect with the worms. > Use this system to pound away at the IDS. > > If you need more systems you can always throw VMWare onto your test system > and create them virtually. > > Nothing better to test with than the real thing!
Excellent idea, Robert! The only problem is scalability, which you already hinted at. It'd take a lot of VMs to generate the kind of traffic I'm looking for ;) -jp ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
