From: Kurt Seifried (bugtraq seifried.org)
Date: Fri Sep 28 2001 - 06:40:53 CDT
One simple way would be to shove a lot of traffic through and then launch
attacks (get code from packetstorm or similar). You know what you are
sending, and by checking the reports can easily figure out what % of attacks
are detected, also how good the info is (i.e.: "attack foo detected" versus
"attack foo detected, go find all your win2k servers and make sure patch
#xxx is applied"). Plus there are things like Dug Song's frag router and
other tools you can use to make the IDS's life more realistic (you better
believe attackers use this stuff).
Kurt Seifried, kurt seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/
----- Original Message -----
From: "hu jinhua" <hujh neusoft.com>
To: <focus-ids securityfocus.com>
Sent: Friday, September 28, 2001 12:00 AM
Subject: Evaluation for IDS
> I need help with testing methodology for IDS, or
> criteria for evaluating IDS. Who can tell me about
> this?
> Someone who has knowledge about this, please
> mail me. My e-mail address is hujh neusoft.com.
> Thanks very much!
>
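
Added example, not part of the original message: one way to score the test run described in the reply, by matching the tester's own record of what was sent against the IDS report to get the detection percentage, the share of alerts that carry usable remediation text, and the false positives. All records, addresses, signature names and the `score` function are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed ground truth kept by the tester:
# (time sent, source, attack name, sent through a fragmenting router?)
LAUNCHED = [
    ("2001-09-28 10:00:05", "192.0.2.5", "attack-foo", False),
    ("2001-09-28 10:02:10", "192.0.2.5", "attack-bar", False),
    ("2001-09-28 10:04:30", "192.0.2.6", "attack-foo", True),
]
# Constructed IDS report: (time, source, signature, remediation text)
ALERTS = [
    ("2001-09-28 10:00:06", "192.0.2.5", "attack-foo", "apply the vendor patch to affected servers"),
    ("2001-09-28 10:02:11", "192.0.2.5", "attack-bar", ""),
    ("2001-09-28 10:03:00", "192.0.2.9", "attack-foo", ""),  # raised on background traffic
]

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def score(launched, alerts, window_s=5):
    """Match each launched attack to at most one alert with the same source and
    signature raised within window_s seconds after it was sent."""
    unused = list(alerts)
    detected = actionable = 0
    missed = []
    for attack in launched:
        when, src, name, _fragmented = attack
        t0 = _ts(when)
        hit = next((a for a in unused
                    if a[1] == src and a[2] == name
                    and timedelta(0) <= _ts(a[0]) - t0 <= timedelta(seconds=window_s)),
                   None)
        if hit is None:
            missed.append(attack)
            continue
        unused.remove(hit)                   # an alert explains only one attack
        detected += 1
        actionable += bool(hit[3].strip())   # alert says what to do, not just what fired
    return {
        "detection_rate": detected / len(launched) if launched else 0.0,
        "actionable_rate": actionable / detected if detected else 0.0,
        "missed": missed,                    # check whether these were the fragmented runs
        "false_positives": unused,           # alerts with no matching launched attack
    }

if __name__ == "__main__":
    for key, value in score(LAUNCHED, ALERTS).items():
        print(key, value)
```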