How to test an IDS appliance
Results 1 to 5 of 5

Thread: How to test an IDS appliance

  1. #1
    Junior Member
    Join Date
    Mar 2002
    Posts
    3

    How to test an IDS appliance

    (Sorry for this perhaps stupid question, but I really don't know how to do it).
    My objective is to set up an automated test environment to evaluate how good is an IDS-like appliance that has been built by a friend of mine.

    I need to set up kind of script that sends various http requests to one or more websites reachable on the Internet. Of course I don't want to do this manually, and I need to process various types and lengths of http requests. I know pretty well C and Visual Basic. Is there any way I can automate the sending of http requests via these languages, or do I need other environments ?

    Thank you very much.

    Jamesmartin100

  2. #2
    Senior Member
    Join Date
    Jul 2001
    Posts
    461
    heh.. you could just get a machine infected with nimda.....

    what would do it for ya.

    but seriously... not being much of a programmer, I cant talk about that side of it.

    But, I am sure you could set up a shell script which would run nmap, saint, and a few of the other vulnerability scanners out there( if you go searching the
    |-|4><0r sites, you should find lots of other toolzzz which can scan for specific types of vulnerabilities), with lots of different options, so that your friends IDS would have lots and lots of exploit/intrusion like data to look at....

    maybe Im way off base...

    IchNiSan

  3. #3
    Senior Member
    Join Date
    Jul 2001
    Posts
    461
    oops, I meant to edit the above post.............


    you could find and look at the source for nimda/code red.. that would give you an idea how to code those http requests in VBscript...

    of course, there are lotts of other things besides webserver exploits that an IDS needs to be able to identify. So, if you just test it with web requests, it isnt going to really get a thorough testing...

  4. #4
    Junior Member
    Join Date
    Mar 2002
    Posts
    3
    Thanks IchNiSan. Actually this appliance is not really an IDS, it is more something dedicated to detecting threats coming through http requests via port 80 to the WEB server. It falls into the category called "WEB protection utilities", that's why I'm paticularly interested in http requests.

    Best regards,

    Jamesmartin100

  5. #5
    Junior Member
    Join Date
    Mar 2002
    Posts
    3
    Thanks IchNiSan. Actually this appliance is not really an IDS, it is more something dedicated to detecting threats coming through http requests via port 80 to the WEB server. It falls into the category called "WEB protection utilities", that's why I'm paticularly interested in http requests.

    Best regards,

    Jamesmartin100

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •