topic IPS Test Files in Network Security

IPS Test Files

rmaerz — Sun, 10 Mar 2019 09:43:05 GMT

Are there any files available for download to test IPS functionality? e.g. a spyware test file, trojan test, vulnerability etc

Re: IPS Test Files

a.arndt — Tue, 15 Nov 2005 14:40:05 GMT

You could use one of the following tools to generate traffic that the IPS could react too.

Open Source examples of VA tools include Nessus or Nmap. Also, Stick and Snot come to mind, as they were developed specifically to test security devices. If you like to craft packets, you could use Hping. If you want to get really fancy, you could use the Metasploit Framework...

If you prefer a commercial solution, there is the standard gamut of VA tools, or you could use something like IDS Informer or TrafficIQ. If you want to use a framework, CORE Impact will do the trick.

Any one of the above suggestions will generate traffic that an IPS will react to. Your choice will be driven by the volume and complexity of the testing you want to perform.

I hope this helps,

Alex Arndt

Re: IPS Test Files

rhermes — Tue, 15 Nov 2005 23:38:04 GMT

You could always enable the signature for ICMP Echo (or Echo Reply) and run a few pings and check the IP addresses to see if it was you in the Alerts.

Re: IPS Test Files

a.arndt — Wed, 16 Nov 2005 13:25:14 GMT

True, but now you've customized the sensor's configuration without necessarily proving that it was properly configured to begin with.

If the author of the original question has the intention of testing the configuration of the IPS, or more specifically observing what it does to traffic flow when it blocks, a few pings won't really accomplish it.

What I am trying to say is this - there's a big difference between testing to see that the IPS reacts and validation testing to see that the IPS reacts [i]correctly[/i].

That's why I provided a list of options, all with different purposes.

Alex Arndt