Meraki

Community

IDS/IPS Security Testing

ph0t0g
Getting noticed
‎Nov 13 2018 9:44 AM
‎Nov 13 2018 9:44 AM

IDS/IPS Security Testing

I don't know a lot about security penetration testing, but I would like to test my MX's IDS/IPS. I tried nmap, but it did not produce any events in Security Center. I have Metasploit running but I don't know what tests to try. Has anyone tried this before?

 

Any suggestions would be appreciated.

 

-P

0 Kudos
2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 13 2018 10:17 AM
‎Nov 13 2018 10:17 AM

nmap is simply a scanning tool.  You would need to use something like Metasploit - and have a target you own that you can attack.

 

You'll need to hunt around for scripts you can use to perform the attack.

0 Kudos
In response to PhilipDAth
ph0t0g
Getting noticed
‎Nov 13 2018 11:24 AM
‎Nov 13 2018 11:24 AM

I know some IDS/IPS vendors have test sites for their products. They basically send a test pattern that will be picked up as a threat by their IDS/IPS.

 

http://www.kerio.com/control/ips-test

 

This is similar checking your AV by scanning the EICAR test file. Does anyone know of such a test for Sourcefire's SNORT? Or any other simple testing tool?

 

Thanks.

 

-P

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.