I think it is important to note that: (Traffic generated by vulnerability scanners) != (attack traffic)
While vulnerability assessment (VA) scanners can/will generate alerts I would advise against using them if you want to do any kind of real analysis. In fact, you probably don't want an IDS that is going to mistake something like a service probe / banner grab (which is what many VA checks actually are) with an actual attack. Any IDS that does is going to be *highly* false positive prone... FWIW, I have found tools such as Core Impact, Metasploit, and Canvas to be far better options for testing IDS/IPS signature engines. Just my .02, -Greg On Wed, 3 Dec 2008, [EMAIL PROTECTED] wrote: > Nessus is useful for this as it has thousands of checks that will generate > a ton of attack traffic. The attacks are categorized by type, so you can > limit the generated traffic to specific types of attacks (Windows, FTP, > DoS, etc.). Metasploit can be used for very targeted attacks (specific > exploits) which can be tweaked with different evasion options which is > useful for testing IDSes. Both of these tools can be run from Windows. > > http://www.nessus.org/nessus/ > http://metasploit.org/ > > Skyler Bingham > GIAC {GSEC, GCIH, GCIA, GCFA}, CEH > (602) 957-1650 x1139 > > [EMAIL PROTECTED] wrote on 12/02/2008 11:13:11 PM: > > > > > Hi > > Does anyone know any tools which can be used to generate network attack > > traffic ? It is for the purpose of testing IDSs OR for collecting offline > > intrusion detection dataset like 1999 DARPA dataset. I have windows xp > > installed so i need a tool or worm tool to generate network traffic so > that > > i can collect by wireshark. > > waiting ur reply. > > Thanks> > > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it > with real-world attacks from CORE IMPACT. > Go to > http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw > > to learn more. > ------------------------------------------------------------------------ > > > ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
