[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ISSForum] How to test Sensors?
In RealSecure 7, take a look at the "SensorStatistics" event that appeared in
This event is triggered every 15 minutes, and contains a count of the number of
packets seen. Look at the "event details" for SensorStatistics in order to see
It also shows what happening in the TCP state tracking tables. For example, if
you are getting large counts for the "tcp.misseddata_acks" or "tcp.onesided",
then there is likely a problem in the way you've tapped into traffic. And, of
course, if you aren't seeing many "ip.packets", then you likewise haven't
tapped correctly into traffic. (Note that if you aren't seeing any
SensorStatistics, then you aren't seeing any packets at all).
Once you've made sure that this is corrent, then go to a web-browser and type
in a hostile URL. The traditional one is "http://victim/cgi-bin/phf". Make sure
that the packets in question are actually supposed to be going across the wire
in question. We spend a lot of time with customers who do their test wrong. For
example, a customer might type a hostile URL, then realize the IDS wasn't
plugged in, and then the second time, they don't realize the web-browser has
cached the first request.
--- bojidar_tzendov <bojidar_tzendov@xxxxxxxx> wrote:
> Dear All,
> How to test sensors if I have a pilot installation?
> Is there any procedure and tools?
> Can anyone send me docs and tools or at least urls?
> Thanks in advance
> Bojidar Tzendov
> Area Sales Manager
> Test Solutions
> mobile: +359 88 605 365
> phone: +359 2 969 60 60
> fax: +359 2 969 60 69
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
ISSForum mailing list
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo