IPS and IDS simulation tool for verification in a Linux and Windows LAN PC network

Hi Friends,

We are using Suricata 6.x in our router. To test the IPS and IDS alert / flow, is there any simulation tool that can run on the LAN network side, on either a Linux or Windows LAN PC? Kindly let me know…

Hi,

You can test the IDS from this link by executing in a terminal:

curl -sSL https://raw.githubusercontent.com/0xtf/testmynids.org/master/tmNIDS -o /tmp/tmNIDS && chmod +x /tmp/tmNIDS && /tmp/tmNIDS

If all goes well, you should have alerts.

thanks a lot… will check… do I need to enable any particular SID number in Suricata?

No.

test

Hi,
I ran your link… In the list of options, when I ran all, I got alerts only for a few options. For the rest of the options, when I choose them, sometimes it exits quickly back to bash, or sometimes it is still running but does not return to bash… One doubt: will the rest of the options, for which no alert is generated, come in the IPS flow…

Am I missing something here… please guide me…

tmNIDS - NIDS detection tester - @0xtf
Project: GitHub - 0xtf/testmynids.org: A website and framework for testing NIDS detection

Choose which test you’d like to run:

  1. Linux UID - Alert is generated for this.
  2. HTTP Basic Authentication
  3. HTTP Malware User-Agent
  4. Bad Certificate Authorities
  5. Tor .onion DNS response and known IPs connection - Alert is generated for this.
  6. EXE or DLL download over HTTP
  7. PDF download with Embedded File
  8. Simulate SSH Outbound Scan
  9. Miscellaneous domains (TLD’s, Sinkhole, DDNS, etc) - Alert is generated for this.
  10. MD5 in TLS Certificate Signature
  11. CHAOS! RUN ALL!
  12. Quit!
    #? 4

It will generate alerts depending on the activated rules. It works well for me. If not all the options work, check the rules or some configuration.

ok thanks… will check… since I have so many rules for a particular HTTP… will check which rule needs to be activated…

Suppose from a LAN PC we need to block FTP file transfer or download (protocol based) OR block a particular website. How do we need to do that, or is there any other way…

Check this link if it can help you.

ok will see this…

Normally outside ISP data will come to the router, then Suricata will monitor the data, and then it will go inside to the LAN network, right…

From the outside WAN, is any simulation tool available to verify the LAN network…

Hi,

Could you please let me know the SID number for all the options in those tests… since I have 30000+ rules loaded, I am not sure which SID I need to enable for each option.

Also, is it possible to get your suricata.yaml? I am using the default suricata.yaml with nothing changed, since I am new to Suricata.
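One way to find out which SIDs actually fired for each tmNIDS option, rather than guessing among 30000+ loaded rules, is to read Suricata's eve.json after running a test and group the alert events by signature_id. The script below is an added example, not code from this thread or from the tmNIDS project; it assumes the default EVE JSON output (normally /var/log/suricata/eve.json), and the sample log lines embedded in it are constructed, with placeholder SIDs, IPs and signature names that do not correspond to real rules.

```python
"""Summarise Suricata eve.json alerts by SID.

Added example (not from the forum thread or the tmNIDS project): after running a
tmNIDS option, run this over eve.json to see which signature IDs fired, how often,
and whether Suricata reported them as allowed (IDS mode) or blocked (IPS drop).
"""
import json
import sys
from collections import Counter

# Constructed sample eve.json lines. Field names follow the EVE alert schema,
# but the SIDs (9000001, 9000002), addresses and signature names are placeholders.
SAMPLE_EVE = """\
{"timestamp":"2023-01-01T10:00:00.000000+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.5","proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":9000001,"rev":1,"signature":"PLACEHOLDER test rule A","category":"Test","severity":3}}
{"timestamp":"2023-01-01T10:00:01.000000+0000","event_type":"flow","src_ip":"192.0.2.10","dest_ip":"198.51.100.5","proto":"TCP"}
{"timestamp":"2023-01-01T10:00:02.000000+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.6","proto":"TCP","alert":{"action":"blocked","gid":1,"signature_id":9000002,"rev":2,"signature":"PLACEHOLDER test rule B","category":"Test","severity":2}}
{"timestamp":"2023-01-01T10:00:03.000000+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.5","proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":9000001,"rev":1,"signature":"PLACEHOLDER test rule A","category":"Test","severity":3}}
not json at all
"""


def summarise_alerts(lines):
    """Return {sid: {"signature", "count", "actions"}} for the alert events in EVE lines.

    Non-alert events (flow, dns, http, ...) and unparsable lines are skipped, so
    the function can be pointed at a live, partially written eve.json.
    """
    summary = {}
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue
        if ev.get("event_type") != "alert":
            continue
        alert = ev.get("alert", {})
        sid = alert.get("signature_id")
        if sid is None:
            continue
        entry = summary.setdefault(
            sid, {"signature": alert.get("signature", ""), "count": 0, "actions": Counter()}
        )
        entry["count"] += 1
        # "allowed" means alert-only; "blocked" means an IPS drop rule matched.
        entry["actions"][alert.get("action", "unknown")] += 1
    return summary


def format_summary(summary):
    """Render the summary as text, most frequent SID first."""
    rows = []
    for sid, e in sorted(summary.items(), key=lambda kv: -kv[1]["count"]):
        actions = ", ".join(f"{a}={n}" for a, n in sorted(e["actions"].items()))
        rows.append(f"sid {sid}: {e['count']} alert(s) [{actions}] {e['signature']}")
    return "\n".join(rows)


def summarise_file(path):
    """Summarise a real eve.json file on disk."""
    with open(path, encoding="utf-8") as fh:
        return summarise_alerts(fh)


if __name__ == "__main__":
    # Usage: python eve_sids.py /var/log/suricata/eve.json
    # With no argument the constructed sample above is summarised instead.
    if len(sys.argv) > 1:
        print(format_summary(summarise_file(sys.argv[1])))
    else:
        print(format_summary(summarise_alerts(SAMPLE_EVE.splitlines())))
```

Run one tmNIDS option at a time, then run the script over eve.json; the SIDs listed are the ones that option triggered with the currently enabled rules. In IDS mode every alert shows action=allowed; only when Suricata runs inline in IPS mode and the matching rule's action is drop does the alert report action=blocked, which is the quickest way to confirm that a test actually reached the IPS flow rather than just being logged.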

Hi suricatalfon,

Any update on my query…