Assistance for IDS

shrka

Disciple
I have derived some algorithms for combating DoS attacks such as SYN flooding, smurf, etc. as part of my IDS. What I want is to test them. Can anyone suggest tools or exploit packages with which I can test my implementation?

Moreover, my focus is on detecting anomalies in communication and deriving a baseline for safe and normal communication, rather than just signature matching.
I want your feedback about my approach.
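An added example, not part of the original post or the poster's IDS: one way to derive a baseline for SYN flooding and flag deviations from it, by counting half-open handshakes per time window. The record layout, function names, addresses and thresholds are assumptions, and the traffic is constructed inline so the detector can be exercised offline.

```python
from collections import Counter
from statistics import mean, pstdev

# Record layout (assumed): (timestamp_sec, src, sport, dst, dport, flags),
# where flags is "S" for a client SYN and "A" for the client's final ACK.

def half_open_counts(events, window=10):
    """Count SYNs per (window, dst) never followed by the client's final ACK."""
    pending = {}  # (src, sport, dst, dport) -> window index of the SYN
    for ts, src, sport, dst, dport, flags in sorted(events):
        key = (src, sport, dst, dport)
        if flags == "S":
            pending[key] = int(ts // window)
        elif flags == "A":
            pending.pop(key, None)  # handshake completed
    return Counter((w, key[2]) for key, w in pending.items())

def learn_threshold(events, n_windows, window=10, k=3.0, floor=5):
    """Baseline = mean + k * stddev of half-open counts over known-good windows."""
    per_window = [0] * n_windows  # quiet windows count as zero
    for (w, _dst), c in half_open_counts(events, window).items():
        if w < n_windows:
            per_window[w] = max(per_window[w], c)
    return max(floor, mean(per_window) + k * pstdev(per_window))

def detect(events, threshold, window=10):
    """Return (window, dst, half_open) for windows above the baseline."""
    counts = half_open_counts(events, window)
    return sorted((w, d, c) for (w, d), c in counts.items() if c > threshold)

def normal_traffic(n_windows, window=10):
    """Constructed sample: 20 clients per window, 2 never complete (loss)."""
    ev = []
    for w in range(n_windows):
        for i in range(20):
            t, src = w * window + i * 0.4, f"192.0.2.{i + 1}"
            ev.append((t, src, 40000 + w, "10.0.0.5", 80, "S"))
            if i % 10:
                ev.append((t + 0.05, src, 40000 + w, "10.0.0.5", 80, "A"))
    return ev

def flood_sample():
    """Constructed sample: normal traffic plus 200 unanswered SYNs in window 3."""
    burst = [(30 + i * 0.01, f"198.51.100.{i % 250 + 1}", 1024 + i,
              "10.0.0.5", 80, "S") for i in range(200)]
    return normal_traffic(6) + burst

if __name__ == "__main__":
    threshold = learn_threshold(normal_traffic(6), n_windows=6)
    print("threshold:", threshold)
    print("alerts:", detect(flood_sample(), threshold))
```

Records parsed from a capture taken on an isolated lab network can be fed to `detect` in place of the constructed samples.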
 
Use Metasploit... It was earlier built in Perl, but since ver. 3 they use Ruby.

But I think Ruby is bundled with it for Windows.
 
The Metasploit engine requires some programming on its framework.
It also does not include network exploits such as DDoS attacks, but application-based signature vulnerabilities, which I am not targeting in building my system.

Actually, I derived a baseline from New Riders' Network Intrusion Detection, and I am countering exploits such as mscans, IMAP exploits, DDoS attacks and some common signatures, which are listed in the CIRT (Computer Incident Response Team) annual report.

Can anyone suggest any automated tools rather than frameworks?
 
GFI's products are exploit-combating tools and not generating tools, which is what I want. Specifically SSPing, smurf, winnuke, jolt2, etc.
 
GFI's tools may be "exploit combating", BUT they can also be used by hackers to detect exploits (e.g. when I ran it once I got messages about how the target had a blank admin password). So the goal of your IDS should be to detect such enumeration.
 