Installing Tomahawk IPS test tool on Debian 7
For a current IPS/IDS project I was looking for a test system to benchmark various IDS/IPS engines. The idea was to record network captures carrying malware samples in HTTP, SMTP or other protocols, and replaying them against the various detection engines. Problem with that is that tools like tcpreplay, bittwist or Ostinato all replay the trace on a single network card, which means that both “client” and “server” side of the communication are injected into the same NIC of the detection engine.
Recent Comments