Focus on IDS
Worm generating network attack traffic? Dec 03 2008 06:13AM
isb_boy3 (isb_boy3 hotmail com) (3 replies)
RE: Worm generating network attack traffic? Dec 04 2008 02:01PM
Libershal, David M. (Dave Libershal jhuapl edu)
Re: Worm generating network attack traffic? Dec 03 2008 09:06PM
Skyler Bingham londen-insurance com (1 replies)
Re: Worm generating network attack traffic? Dec 04 2008 11:11PM
Greg Shipley (gshipley neohapsis com) (1 replies)

I think it is important to note that:

(Traffic generated by vulnerability scanners) != (attack traffic)

While vulnerability assessment (VA) scanners can/will generate alerts,
I would advise against using them if you want to do any kind of real
analysis. In fact, you probably don't want an IDS that is going to
mistake something like a service probe / banner grab (which is what
many VA checks actually are) for an actual attack. Any IDS that does
is going to be *highly* false-positive prone...

FWIW, I have found tools such as Core Impact, Metasploit, and Canvas
to be far better options for testing IDS/IPS signature engines.

Just my .02,

-Greg

On Wed, 3 Dec 2008, Skyler.Bingham (at) londen-insurance (dot) com wrote:

> Nessus is useful for this as it has thousands of checks that will generate
> a ton of attack traffic. The attacks are categorized by type, so you can
> limit the generated traffic to specific types of attacks (Windows, FTP,
> DoS, etc.). Metasploit can be used for very targeted attacks (specific
> exploits) which can be tweaked with different evasion options which is
> useful for testing IDSes. Both of these tools can be run from Windows.
>
> http://www.nessus.org/nessus/
> http://metasploit.org/
>
> Skyler Bingham
> GIAC {GSEC, GCIH, GCIA, GCFA}, CEH
> (602) 957-1650 x1139
>
> listbounce (at) securityfocus (dot) com wrote on 12/02/2008 11:13:11 PM:
>
> >
> > Hi
> > Does anyone know any tools which can be used to generate network attack
> > traffic? It is for the purpose of testing IDSs or for collecting an offline
> > intrusion detection dataset like the 1999 DARPA dataset. I have Windows XP
> > installed, so I need a tool or worm tool to generate network traffic so that
> > I can collect it with Wireshark.
> > Waiting for your reply.
> > Thanks
>
>
Re: Worm generating network attack traffic? Dec 06 2008 12:30AM
Skyler Bingham londen-insurance com
Re: Worm generating network attack traffic? Dec 03 2008 08:44PM
Tim Grossner (tim grossner net)


 

Copyright 2010, SecurityFocus