There are several tools that you can use to aid in testing.
I would use some automated scanning tools first such as Nessus; this
will show you how much information can be gathered about a remote
system.
Metasploit can also be of use in this situation. I would suggest
looking into the ips_filter.rb plugin.
You can also check some conference archives and the SANS reading room for
more ideas and techniques.
http://www.sans.org/reading_room/
http://www.blackhat.com/html/bh-media-archives/bh-multimedia-archives-index.html
I know that there was a presentation that was done in 2006 about IDS
and IPS evasion. I am sure that there are tons of others.
Joshua Gimer
On May 5, 2008, at 11:10 AM, Jamie Riden wrote:
Try to break into the network (make sure you have explicit permission
first!) and see if it stops you, or alerts. Have a play with Nessus,
Nmap and Metasploit for example.
I wouldn't actually go as far as attempting to infect the network with
a virus - if it did work then you would have serious problems. You
could try it on a completely isolated test network.
cheers,
Jamie
On 05/05/2008, Paari <[EMAIL PROTECTED]> wrote:
Hi guys,
Can you please give me some reference or links on how to test an
IPS/IDS hardware box.
Thanks,
Paari
--
Jamie Riden / [EMAIL PROTECTED] / [EMAIL PROTECTED]
UK Honeynet Project: http://www.ukhoneynet.org/
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------