IDS/IPS Security Testing

ph0t0g
Getting noticed

IDS/IPS Security Testing

I don't know a lot about security penetration testing, but I would like to test my MX's IDS/IPS. I tried nmap, but it did not produce any events in Security Center. I have Metasploit running but I don't know what tests to try. Has anyone tried this before?

 

Any suggestions would be appreciated.

 

-P

2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal

nmap is simply a scanning tool.  You would need to use something like Metasploit - and have a target you own that you can attack.

 

You'll need to hunt around for scripts you can use to perform the attack.

I know some IDS/IPS vendors have test sites for their products. They basically send a test pattern that will be picked up as a threat by their IDS/IPS.

 

http://www.kerio.com/control/ips-test

 

This is similar checking your AV by scanning the EICAR test file. Does anyone know of such a test for Sourcefire's SNORT? Or any other simple testing tool?

 

Thanks.

 

-P

Get notified when there are additional replies to this discussion.