How to Test IDS Rules

This tutorial explains how to test IDS rules. An IDS contains signatures that are used to defend against attacks based on a specific pattern. For example, the Cisco firewall IDS is capable of detecting vulnerabilities based on the ICMP and TCP protocols. The security test engineer should be well versed in the internal structure of protocols and in how a specific attack that targets a specific vulnerability works.

For example, ICMP vulnerabilities work by manipulating the Type and Code fields in the ICMP header. Once the appropriate values to be modified are identified, packet crafting tools like scapy and hping can be used to craft the attack, which can then be used to test the IDS rule.
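The following is an added example, not code from the original tutorial: an offline test matrix that builds ICMP messages with chosen Type and Code values and checks that a rule fires only on the intended pair. The rule format (`itype`/`icode` keys), the `rule_fires` matcher, and the sample cases are assumptions of this example; nothing is sent on the network.

```python
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (16-bit one's complement sum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type, code, rest=b"\x00" * 4, payload=b""):
    """ICMP message: Type(1) Code(1) Checksum(2) Rest-of-header(4) + payload."""
    unsummed = struct.pack("!BBH4s", icmp_type, code, 0, rest) + payload
    return struct.pack("!BBH4s", icmp_type, code, checksum(unsummed), rest) + payload

def rule_fires(rule, icmp):
    """Hypothetical matcher: compare header Type/Code with the rule's values.
    icode=None means 'any code'. Truncated headers never match (example's choice)."""
    if len(icmp) < 8:
        return False
    type_ok = icmp[0] == rule["itype"]
    code_ok = rule.get("icode") is None or icmp[1] == rule["icode"]
    return type_ok and code_ok

def run_cases(rule, cases):
    """Return names of cases where the rule's verdict differs from the expectation."""
    return [name for name, pkt, expected in cases if rule_fires(rule, pkt) != expected]

# Constructed rule under test: ICMP Redirect (type 5) for a host (code 1).
RULE = {"itype": 5, "icode": 1}
GATEWAY = bytes([192, 0, 2, 1])  # documentation-range address, constructed

# Constructed matrix: one true positive plus near-miss negatives.
CASES = [
    ("redirect-host",    build_icmp(5, 1, rest=GATEWAY), True),
    ("redirect-network", build_icmp(5, 0, rest=GATEWAY), False),  # same type, other code
    ("unreachable-host", build_icmp(3, 1),               False),  # other type, same code
    ("echo-request",     build_icmp(8, 0, payload=b"ping"), False),
    ("truncated",        build_icmp(5, 1)[:4],           False),
]

if __name__ == "__main__":
    print("rule disagreements:", run_cases(RULE, CASES))
    # An overbroad rule (any code) is caught by the near-miss case.
    print("loose rule disagreements:", run_cases({"itype": 5, "icode": None}, CASES))
```

The same matrix can be replayed against a real sensor by handing the generated bytes to scapy or hping on an isolated test segment and comparing the alerts raised with the expected column.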
