« Return to Thread: To test IPS/IDS box.
Re: To test IPS/IDS box.
by Joshua Gimer
::
Rate this Message:
There are several tools that you can use to aid in testing.
I would use some automated scanning tools first such as Nessus; this
will show you how much information can be gathered about a remote
system.
Metasploit can also be of use in this situation. I would suggest
looking into the ips_filter.rb plugin.
You can also check some conference archives, and SANS reading room for
more ideas, and techniques.
http://www.sans.org/reading_room/
http://www.blackhat.com/html/bh-media-archives/bh-multimedia-archives-index.html
I know that there was a presentation that was done in 2006 about, ids
and ips evasion. I am sure that there are ton's of others.
Joshua Gimer
On May 5, 2008, at 11:10 AM, Jamie Riden wrote:
> Try to break into the network (make sure you have explicit permission
> first!) and see if it stops you, or alerts. Have a play with nessus,
> nmap and metasploit for example.
>
> I wouldn't actually go as far as attempting to infect the network with
> a virus- if it did work then you would have serious problems. You
> could try it on a completely isolated test network.
>
> cheers,
> Jamie
>
> On 05/05/2008, Paari <paarim@...> wrote:
>>
>> Hi guys,
>>
>> Can you please give me some reference or links on how to test
>> IPS/IDS
>> hardware box.
>>
>>
>> Thanks,
>> Paari
>
> --
> Jamie Riden / jamesr@... / jamie@...
> UK Honeynet Project: http://www.ukhoneynet.org/
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ------------------------------------------------------------------------
>
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
I would use some automated scanning tools first such as Nessus; this
will show you how much information can be gathered about a remote
system.
Metasploit can also be of use in this situation. I would suggest
looking into the ips_filter.rb plugin.
You can also check some conference archives, and SANS reading room for
more ideas, and techniques.
http://www.sans.org/reading_room/
http://www.blackhat.com/html/bh-media-archives/bh-multimedia-archives-index.html
I know that there was a presentation that was done in 2006 about, ids
and ips evasion. I am sure that there are ton's of others.
Joshua Gimer
On May 5, 2008, at 11:10 AM, Jamie Riden wrote:
> Try to break into the network (make sure you have explicit permission
> first!) and see if it stops you, or alerts. Have a play with nessus,
> nmap and metasploit for example.
>
> I wouldn't actually go as far as attempting to infect the network with
> a virus- if it did work then you would have serious problems. You
> could try it on a completely isolated test network.
>
> cheers,
> Jamie
>
> On 05/05/2008, Paari <paarim@...> wrote:
>>
>> Hi guys,
>>
>> Can you please give me some reference or links on how to test
>> IPS/IDS
>> hardware box.
>>
>>
>> Thanks,
>> Paari
>
> --
> Jamie Riden / jamesr@... / jamie@...
> UK Honeynet Project: http://www.ukhoneynet.org/
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ------------------------------------------------------------------------
>
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
« Return to Thread: To test IPS/IDS box.
| Free embeddable forum powered by Nabble | Forum Help |
