> Thank you so much, for all your replies. But there is some misconception
> from my query. I actually meant how to test the IPS hardware box, like
> testing the processor and the sensing ports and how to melt down the IPS
> hardware box. Basically the general guide line for testing the IPS/IDS
> hardware box. Do we need any specific tools for this?
NSS Labs ( http://nsslabs.com/ ) is an outfit that does exactly this.
They do use specialized equipment, such as the Spirent Avalanche to do
this, but you could probably rig up a simplified version with some
bare-bones Linux boxes (I would recommend using dedicated Intel NICs)
on a separate network and some tools like netcat, hping, and the afore
mentioned metasploit. The thing I really like about NSS Labs is that
they publish their evaluation criteria, which you can find on their
website. This criteria looks not just at detection of exploits, but at
performance issues and evasion as well (who cares what an IDS can
detect if an attacker can just put it out of commission first?).
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
to learn more.
------------------------------------------------------------------------
> from my query. I actually meant how to test the IPS hardware box, like
> testing the processor and the sensing ports and how to melt down the IPS
> hardware box. Basically the general guide line for testing the IPS/IDS
> hardware box. Do we need any specific tools for this?
NSS Labs ( http://nsslabs.com/ ) is an outfit that does exactly this.
They do use specialized equipment, such as the Spirent Avalanche to do
this, but you could probably rig up a simplified version with some
bare-bones Linux boxes (I would recommend using dedicated Intel NICs)
on a separate network and some tools like netcat, hping, and the afore
mentioned metasploit. The thing I really like about NSS Labs is that
they publish their evaluation criteria, which you can find on their
website. This criteria looks not just at detection of exploits, but at
performance issues and evasion as well (who cares what an IDS can
detect if an attacker can just put it out of commission first?).
Hope this helps,
Terry
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
to learn more.
------------------------------------------------------------------------
[ reply ]