What tools can I use to test/attack my NIDS?

B&W · 23 Apr 2008 at 16:15

Hi there as part of my final year project I must install an NIDS in a virtual machine environment.

I intend to attack the NIDS with specific malware or code that will try to detect if the NIDS is running in a VM environment.

I dont have much time left (Monday hand in) and am yet to find the tools, where would I obtain them from?

B&W · 23 Apr 2008 at 19:02

well im still setting it up, but so far it looks like www.winsnort.com (if i get it to work..). Otherwise some other windows based snort distro.

Well my project is basically asking if theres any advantages to running a NIDS in a VM environment.

So im trying to see if I could do some kinda testing which would enable me to test if its possible to find out that the NIDS is running in a VM.

B&W · 23 Apr 2008 at 21:00

Well I have a NIDS up and running at last, thank god.

Now I need to find ways to attack it. I have already used NMAP to do a portscan, it revealed a few things including the OS but it did not reveal any sign that it was a Virtual Machine.

B&W · 24 Apr 2008 at 01:32

Thank you guys.

Would you know if I could run any code or use some software scan the VM externally to detect its presence?

I can run code inside a VM which will detect its presence, but something that could do this externally would be brilliant.