[NCSA-discuss] packet captures

Jeff The Riffer riffer at vaxer.net
Tue Feb 27 09:18:18 EST 2007


On Tue, February 27, 2007 8:39 am, Iztok Umek wrote:
> I am not asking about the results :) I am looking for packet captures
> used to test :)

Ah! Sorry, I misunderstood. I can't talk about the products we tested or the
results, but I can talk about some of the methodology.

We used several tools to generate aberrant behavior, rather than packet
replays. One was Core Impact, which actually exploits known holes and installs
agents. It can do TCP evasion techniques to a limited extent.

For aberrant behavior, we found a nifty little open-source tool called isic,
which lets you generate all sorts of abnormal traffic:

http://www.mirrors.wiretapped.net/security/packet-construction/isic/

It has binaries to generate abnormal ethernet, UDP, TCP, IP, and ICMP traffic.
You can control percentages of the different abnormalities as well as volume
of traffic. It's VERY noisy and aggressive stuff, but great for seeing if you
can bring down a system.
You can also use it to generate a packet storm while trying to sneak in
through a more mundane attack and trick your IDS/IPS route.

We had problems getting it compiled, but someone was able to find a Debian
package for it. The Debian package was converted to RPM using Alien and the
RPM worked great under SuSe 10.0.

Other than that we just used NMap and Nessus to generate varying levels of
traffic and alerts. Isic was very useful for us...

 ####################==============---- ----==============####################
#     riffer at vaxer.net - Jeff The Riffer - Drifter... - Homo Postmortemus     #
# Disclaimer: I am not a number, I am a free man, and my thoughts are my own. #
# GCS$ d-- H++ s:++ !g p+ au0 a31 w+ v?(*) C++ UA P? L 3 E---- N++ K- W-- M+ V#
# po--- Y+ t+ 5+ !j R G' tv b+ D++ B--- e+ u--- h--- f+ r+++ n- y+++*         #
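As an added illustration of the receiving side of this kind of testing (not code from the original post, and not part of isic or any product mentioned in it): the checks below are the sort of IPv4 header sanity tests an IDS applies when abnormal IP traffic is thrown at it. The packets, the 10.0.0.x addresses and the anomaly labels are all constructed here for the example; a real sensor would carry many more checks and would apply the same idea to the TCP, UDP and ICMP layers.

```python
"""IPv4 header sanity checks run over constructed packets.

Added example for this thread; not code from the original post or from
the isic project. Addresses, payloads and anomaly labels are made up here.
"""
import struct

# Constructed sample addresses (private range, for illustration only)
SRC = bytes([10, 0, 0, 1])
DST = bytes([10, 0, 0, 2])


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words, as used for the IPv4 header checksum.

    Over a header that already carries a correct checksum this returns 0.
    """
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, payload=b"", proto=17, version=4, ihl=5,
               total_len=None, ttl=64, checksum=None) -> bytes:
    """Build a raw IPv4 packet; overriding fields yields deliberately aberrant ones."""
    if total_len is None:
        total_len = 20 + len(payload)
    ver_ihl = (version << 4) | ihl
    # version/IHL, TOS, total length, ID, flags/fragment, TTL, proto, checksum, src, dst
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, 0, 0,
                      ttl, proto, 0, src, dst)
    if checksum is None:
        checksum = ipv4_checksum(hdr)
    hdr = hdr[:10] + struct.pack("!H", checksum) + hdr[12:]
    return hdr + payload


def check_ipv4(packet: bytes) -> list:
    """Return anomaly labels for the packet; an empty list means the header looks sane."""
    findings = []
    if len(packet) < 20:
        return ["truncated"]
    version = packet[0] >> 4
    ihl = packet[0] & 0x0F
    total_len = struct.unpack("!H", packet[2:4])[0]
    ttl = packet[8]
    if version != 4:
        findings.append("bad_version")
    if ihl < 5:
        # Header shorter than the fixed 20 bytes: the rest cannot be trusted
        findings.append("bad_ihl")
        return findings
    hdr_len = ihl * 4
    if hdr_len > len(packet):
        findings.append("ihl_exceeds_packet")
        return findings
    if total_len != len(packet):
        findings.append("length_mismatch")
    if ttl == 0:
        findings.append("zero_ttl")
    if ipv4_checksum(packet[:hdr_len]) != 0:
        findings.append("bad_checksum")
    return findings


def classify_samples() -> dict:
    """Run the checks over one normal and several constructed abnormal packets."""
    good = build_ipv4(SRC, DST, b"hello")
    corrupted = bytearray(good)
    corrupted[8] ^= 0xFF  # flip the TTL byte after the checksum was computed
    samples = {
        "normal": good,
        "wrong_version": build_ipv4(SRC, DST, b"hello", version=6),
        "short_ihl": build_ipv4(SRC, DST, b"hello", ihl=3),
        "length_field_lies": build_ipv4(SRC, DST, b"hello", total_len=10),
        "bit_flipped": bytes(corrupted),
        "runt": good[:12],
    }
    return {name: check_ipv4(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, findings in classify_samples().items():
        print("%-18s %s" % (name, findings or "ok"))
```

The useful part of such a test is not whether any single malformed packet is flagged, but whether the sensor still flags the mundane attack underneath when a large percentage of the traffic is this kind of noise; the checks above are cheap enough to run on every packet so that a storm of them does not starve the real signatures.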

