On Mon, 23 Aug 2010 08:21:29 PDT, false said:
> I need to test my WAF. I want to set up a simple network in the lab like this:
> XP or Linux client <--> WAF <--> Honeypot/test webserver
>
> 1) Does anyone have any suggestions on what I can use to simulate/generate
> attacks/suspicous traffic towards the weberver from my client?
There's tools to do specifically that. However, you probably already have many
of the tools you need - just point stuff like nmap and nessus at your honeypot
and see if your WAF notices. If it doesn't notice you doing the nmap, it won't
notice an attacker doing the nmap. If you have hping3, try sending a few
christmas-tree packets at your honeypot, see what happens. Get a copy of
metasploit and point it at the honeypot. And so on. Pretty much any auditing
tool you have can also be used as an attack tool.
> I need to test my WAF. I want to set up a simple network in the lab like this:
> XP or Linux client <--> WAF <--> Honeypot/test webserver
>
> 1) Does anyone have any suggestions on what I can use to simulate/generate
> attacks/suspicous traffic towards the weberver from my client?
There's tools to do specifically that. However, you probably already have many
of the tools you need - just point stuff like nmap and nessus at your honeypot
and see if your WAF notices. If it doesn't notice you doing the nmap, it won't
notice an attacker doing the nmap. If you have hping3, try sending a few
christmas-tree packets at your honeypot, see what happens. Get a copy of
metasploit and point it at the honeypot. And so on. Pretty much any auditing
tool you have can also be used as an attack tool.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFMc1jvcC3lWbTT17ARAmvdAJ0TPj/Gp6CqJ4NylIEm8zuzeVrTJgCfWUYN
6wJ3U28Epbjalj0nTORC5ek=
=7NiS
-----END PGP SIGNATURE-----
[ reply ]