Q

Testing an intrusion-detection system

I'm trying to test our HIDS implementation and want to see intrusion detection system (IDS) responses to a server compromise and a rootkit install. Is there somewhere I can download one of the latest rootkits such as t0rn, tuxkit, etc. so I can install it on a lab server for testing purposes? I also want to test chkrootkit scripts to verify effectiveness.


 

Testing any IDS is always difficult. I would use products such as ISS Scanner or Nessus. Nessus is freeware and does a fine job or better than ISS. There are also many other tools located at Altavista and malicious sites that can do the same, but most don't have all the tools that Nessus provides.

Depending on the HIDS product and your settings, you can do both manual attempts on the device as well as Nessus. You can also do simple things using tools like SamSpade, Ping, netuse, netcat, netbus and many others. IF you are good at perl scripting, you could create many scripts that attempt logins or guess passwords.

To prove your point, you may need NIDS to record your attempts or a sniffer if the packets slip by the NIDS, which in the case most will.


For more information on this topic, visit these other SearchSecurity.com resources:
Tech Tip: Low-cost security tool
Best Web Links: Intrusion detection
Webcast Archive: Intrusion detection


 

This was first published in September 2002

Dig deeper on Network Intrusion Detection (IDS)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close