[NCSA-discuss] packet captures

Jeff The Riffer riffer at vaxer.net
Tue Feb 27 13:58:17 EST 2007


On Tue, February 27, 2007 9:44 am, Iztok Umek wrote:
> NMap/Nessus doesn't make sense for testing IPS.

Sure it does.

> Only thing that would do is to test how good IPS are at detecting scanning.

See, you proved my point. :)

We were doing a very comprehensive test so we made no assumptions about
capabilities of the products. But you are right in that NMap and Nessus by
themselves would not be sufficient.

> Hence I am looking for actual packet captures to be replayed to test IPS.

Problem with that is a packet capture replay will be for whatever IP addresses
were in play when the capture is done, so that won't really work either. You
can muck around with the .cap file and change the IPs and MAC addresses but
it's an iffy solution.

Core Impact is really great. But it's commercial and expensive, so most folks
aren't going to have it. But, Metasploit is free and can do many of the same
things. Just not as easily.


 ####################==============---- ----==============####################
#     riffer at vaxer.net - Jeff The Riffer - Drifter... - Homo Postmortemus     #
# Disclaimer: I am not a number, I am a free man, and my thoughts are my own. #
# GCS$ d-- H++ s:++ !g p+ au0 a31 w+ v?(*) C++ UA P? L 3 E---- N++ K- W-- M+ V#
# po--- Y+ t+ 5+ !j R G' tv b+ D++ B--- e+ u--- h--- f+ r+++ n- y+++*         #
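
The address rewriting mentioned in the message above (changing the IPs and MAC addresses in a capture file), as an added example that is not part of the original post: it remaps addresses in a classic pcap and recomputes the IPv4 header and TCP checksums, which otherwise no longer match after the edit. The function names, the sample capture and its addresses are constructed for illustration; it assumes an Ethernet link type and microsecond-format pcap, handles IPv4/TCP only, and does not touch addresses carried inside payloads.

```python
import struct
def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum (data padded to whole 16-bit words)."""
    data += b"\x00" * (len(data) % 2)
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def rewrite_frame(frame: bytes, ip_map: dict, mac_map: dict) -> bytes:
    """Remap MAC/IPv4 addresses in one Ethernet frame and repair checksums."""
    eth = b"".join(mac_map.get(frame[i:i + 6], frame[i:i + 6]) for i in (0, 6))
    if frame[12:14] != b"\x08\x00" or len(frame) < 34:   # not IPv4: MACs only
        return eth + frame[12:]
    ip = bytearray(frame[14:])
    ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    for off in (12, 16):                       # source, destination address
        old = bytes(ip[off:off + 4])
        ip[off:off + 4] = ip_map.get(old, old)
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", csum(bytes(ip[:ihl])))
    # TCP's checksum covers both addresses; skip fragments and snaplen-cut frames.
    if ip[9] == 6 and not (ip[6] & 0x3F or ip[7]) and ihl + 20 <= total <= len(ip):
        seg = bytearray(ip[ihl:total])
        seg[16:18] = b"\x00\x00"
        pseudo = bytes(ip[12:20]) + struct.pack("!BBH", 0, 6, len(seg))
        ip[ihl + 16:ihl + 18] = struct.pack("!H", csum(pseudo + bytes(seg)))
    return eth + frame[12:14] + bytes(ip)

def rewrite_pcap(pcap: bytes, ip_map: dict, mac_map: dict) -> bytes:
    """Rewrite every record of a classic (not pcapng) Ethernet capture."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}[pcap[:4]]
    out, pos = bytearray(pcap[:24]), 24
    while pos + 16 <= len(pcap):
        incl = struct.unpack(order + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl]
        out += pcap[pos:pos + 16] + rewrite_frame(frame, ip_map, mac_map)
        pos += 16 + incl
    return bytes(out)

def sample_pcap() -> bytes:
    """Constructed input: one Ethernet/IPv4/TCP SYN between TEST-NET-1 hosts."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x02, 1024, 0, 0)
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    frame = rewrite_frame(eth + ip + tcp, {}, {})   # empty maps: fill checksums
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
```
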

