What tools can I use to test/attack my NIDS?

B&W

Hi there, as part of my final year project I must install an NIDS in a virtual machine environment.

I intend to attack the NIDS with specific malware or code that will try to detect if the NIDS is running in a VM environment.

I don't have much time left (Monday hand in) and am yet to find the tools. Where would I obtain them from?
 
Can I ask what NIDS you are using? I'd like to see the results of something like this; I've been meaning to set up something like this.

What type of malware code are we talking about? Would port scanning etc not be enough?
 
Well, I'm still setting it up, but so far it looks like www.winsnort.com (if I get it to work...). Otherwise some other Windows-based Snort distro.

Well, my project is basically asking if there are any advantages to running a NIDS in a VM environment.

So I'm trying to see if I could do some kinda testing which would enable me to test if it's possible to find out that the NIDS is running in a VM.
 
Well, I have a NIDS up and running at last, thank god. :) Now I need to find ways to attack it. I have already used Nmap to do a port scan; it revealed a few things including the OS, but it did not reveal any sign that it was a virtual machine.
 
Give Nmap a try; the NIDS should detect a lot of its activity. Also, as said, it should be able to detect things like the injection of shellcode from tools like Metasploit.

Also recommend Nessus.
 
Thank you guys.

Would you know if I could run any code or use some software to scan the VM externally to detect its presence?

I can run code inside a VM which will detect its presence, but something that could do this externally would be brilliant.
 