miaomitiff119 wrote: > Hi,:) > Does anyone know any tools which can be used to simulate attack traffic > (especially traffic pattern of worm attacks)? It is for the purpose of > testing IDSs. I've looked at PACKIT and Netcat, but they can't generate > "simultaneous" connections which is required for generating worm spreading > behaviour...(or are there any ways to use PACKIT or Netcat to generate > simultaneous connections?) > > Many thanks!:)
Assuming you're wanting to test detections versus connections per second, you might try Tomahawk. We used it for testing NIPS, but I don't see why you couldn't use it for IDS as well. http://tomahawk.sourceforge.net/ It's been discussed on this list before, ad nauseam, but keep in mind, ICSALabs rewrote most of the code for their certification program (v1.1), so it shouldn't be considered a TippingPoint-leaning tool, as it has in the past. -jp ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
