Message-ID: <47393.193.5.216.124.1094192169.squirrel@webmail.exigo.ch>
From: indianz at indianz.ch (indianz@...ianz.ch)
Subject: [RE: Test scripts for NIDS]

To test with stick and snot, you just throw alerts at the IDS; after
that, you should check the logs of the IDS to see what has been recorded
and what was dropped.
You can also throw (with stick and snot) and try to exploit the IDS from
another machine at the same time.

Also have a look at
http://packetstormsecurity.nl/distributed/stick.htm

Stick Download:
http://www.eurocompton.net/stick/projects8.html

Snot Download:
http://www.stolenshoes.net/sniph/index.html

IDSwakeup Download:
http://www.hsc.fr/ressources/outils/idswakeup/index.html.en

GreetZ from IndianZ

mailto:indianz@...ianz.ch
http://www.indianz.ch


> I've gotten a lot of suggestions to test the
> signatures, I've got some to test the load but they
> were $$$, anything out there for free?
>
> With a software and not an appliance how does one test
> the load to know when the IDS can no longer verify
> packets and they are being dropped? Is this included
> in the software?
>
> Thanks again everyone :)
>
>
>> > -----Original Message-----
>> > From: Bénoni MARTIN [mailto:Benoni.MARTIN@...ertis.ga]
>> > Sent: August 31, 2004 09:05
>> > To: John Madden; pen-test@...urityfocus.com
>> > Subject: RE: Test scripts for NIDS
>> >
>> <SNIP>
>> >
>> > I know there is a tool that generates Snort's alerts, but I
>> > just cannot remember its name :(
>> >
>> The tool you're talking about is called "SNOT". You can find it
>> here: http://www.stolenshoes.net/sniph/index.html
>>
>> From the file 'snot-0.92a-README.txt' posted at that URL:
>>
>> "Snot is an arbitrary packet generator, that uses snort rules
>> files as its source of packet information. It attempts at all
>> times to randomise information that is not contained in the
>> rule, to hamper the generation of 'snot detection' snort rules.
>>
>> It can be used as an IDS evasion tool, by using specific decoy
>> hosts, or just something to keep your friendly IDS monitoring
>> staff busy.
>>
>> It has been tested to run on *BSD, Linux, Win2k, NT4.0 and Win98."
>>
>> I hope this helps,
>> Alex%

