    Testing a Custom Attack Object

    We recommend the following workflow to test a custom attack object. Note that the following procedure consists of general steps and is intended for expert users who are familiar with these tasks.

    To test a custom attack object:

    1. Create a new security policy and new IDP rulebase rule that includes only the custom attack object to be tested. Enable logging and packet logging.
    2. Push the policy to the IDP Series lab device.
    3. From the attacker computer, reproduce the attack that targets the victim computer.
    4. Use the NSM Log Viewer to see whether the traffic generated logs as expected.

    If your test fails, review the attack advisory, the protocol RFC, and the attack code or packet captures to identify additional information that can help you fine-tune your settings. The most frequent issue that requires tuning is the syntax of the DFA expression.


    Published: 2011-02-08