10-27-2005 10:12 AM - edited 03-10-2019 01:43 AM
Are there any files available for download to test IPS functionality? e.g. a spyware test file, trojan test, vulnerability etc
11-15-2005 06:40 AM
You could use one of the following tools to generate traffic that the IPS could react to.
Open Source examples of VA tools include Nessus or Nmap. Also, Stick and Snot come to mind, as they were developed specifically to test security devices. If you like to craft packets, you could use Hping. If you want to get really fancy, you could use the Metasploit Framework...
If you prefer a commercial solution, there is the standard gamut of VA tools, or you could use something like IDS Informer or TrafficIQ. If you want to use a framework, CORE Impact will do the trick.
Any one of the above suggestions will generate traffic that an IPS will react to. Your choice will be driven by the volume and complexity of the testing you want to perform.
I hope this helps,
Alex Arndt
11-15-2005 03:38 PM
You could always enable the signature for ICMP Echo (or Echo Reply) and run a few pings and check the IP addresses to see if it was you in the Alerts.
11-16-2005 05:25 AM
True, but now you've customized the sensor's configuration without necessarily proving that it was properly configured to begin with.
If the author of the original question has the intention of testing the configuration of the IPS, or more specifically observing what it does to traffic flow when it blocks, a few pings won't really accomplish it.
What I am trying to say is this - there's a big difference between testing to see that the IPS reacts and validation testing to see that the IPS reacts *correctly*.
That's why I provided a list of options, all with different purposes.
Alex Arndt