RE: Protocols for Testing Intrusion Detection?

Stewart [mailto:nonobvi...@gmail.com] Sent: Monday, May 14, 2012 7:53 PM To: NANOG list Subject: Protocols for Testing Intrusion Detection? I'm looking for recommended protocols to use for testing intrusion detection and maybe also firewall logging. Basically I need some kind of protocol

Re: Protocols for Testing Intrusion Detection?

On Mon, 14 May 2012 16:52:36 -0700, Bill Stewart said: - Is there any application that can actually set the RFC3514 Evil Bit? Here ya go. hping3 patch. Swiss army knives always need one more blade... --- hping3-20051105/globals.h.3514 2007-04-27 16:14:42.0 -0400 +++

Re: Protocols for Testing Intrusion Detection?

On May 14, 2012, at 7:52 PM, Bill Stewart wrote: - Is there any application that can actually set the RFC3514 Evil Bit? Code was added to FreeBSD to set it (though I think the commit was later reverted); see the change logs at https://www.cs.columbia.edu/~smb/3514.html

Protocols for Testing Intrusion Detection?

I'm looking for recommended protocols to use for testing intrusion detection and maybe also firewall logging. Basically I need some kind of protocol that it's ok to discard traffic for in a production network, so I can be sure that the various systems that should be detecting it and generating