IPS Test Attack Signatures

Unanswered Question
Feb 9th, 2007

I want to test my IPS triggering an inbound IPS Sig event. Can anyone advise if Cisco has test attack files available to download for this purpose?

Regards

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
jlimbo Sun, 02/11/2007 - 19:49

We do not provide attack files, however if you simply want to test the signatures, some alerts which are easy to fire are:

2004-0 ICMP Echo Request

2000-0 ICMP Echo Reply

Please ensure you enable them, as they are disabled by default.

ms4561 Mon, 02/12/2007 - 14:25

The signatures you advise do not exist in my .sdf (checked "sh ip ips sig"). only sigs in the 2000 cat(ICMP) are 2156, 2156:0,1,2.

Appreciate any further suggestions.

daviddtran Thu, 02/15/2007 - 19:19

Use nessus or hping2 to test signatures. You will get tons of alarms when using nessus or

hping2 to simulate an attack on your network.

David

CCIE security

Actions

This Discussion