IPS Test Attack Signatures

Unanswered Question
Feb 9th, 2007

I want to test my IPS triggering an inbound IPS Sig event. Can anyone advise if Cisco has test attack files available to download for this purpose?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
jlimbo Sun, 02/11/2007 - 19:49

We do not provide attack files, however if you simply want to test the signatures, some alerts which are easy to fire are:

2004-0 ICMP Echo Request

2000-0 ICMP Echo Reply

Please ensure you enable them, as they are disabled by default.

ms4561 Mon, 02/12/2007 - 14:25

The signatures you advise do not exist in my .sdf (checked "sh ip ips sig"). only sigs in the 2000 cat(ICMP) are 2156, 2156:0,1,2.

Appreciate any further suggestions.

daviddtran Thu, 02/15/2007 - 19:19

Use nessus or hping2 to test signatures. You will get tons of alarms when using nessus or

hping2 to simulate an attack on your network.


CCIE security


This Discussion