Protocols for Testing Intrusion Detection?

• Previous message (by thread): Cogent for ISP bandwidth
• Next message (by thread): Protocols for Testing Intrusion Detection?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm looking for recommended protocols to use for testing intrusion
detection and maybe also firewall logging.
Basically I need some kind of protocol that it's ok to discard traffic
for in a production network, so I can be sure that the various systems
that should be detecting it and generating alarms are up and running.
Is there already a standard I should be using?   (This doesn't seem to
quite match RFC2544.)   I'm thinking about things like
- TCP and UDP echo protocol - is this sufficiently deprecated that it
won't be missed, or are there applications still using it?
- Higher-numbered TCP protocol, such as 31337, which appears to have
no official current use, and unofficially is for Back Orifice.
- http:80 from a well-known test address, such as evil.example.com
(probably need both RFC1918 and public IP addresses, so it's somewhat
site-dependent.  Should I be using 192.0.2.0/24 or 198.18.0.0/15 as
long as I'm careful not to leak them out to the real internet?)
- Is there any application that can actually set the RFC3514 Evil Bit?

-- 
----
             Thanks;     Bill

Note that this isn't my regular email account - It's still experimental so far.
And Google probably logs and indexes everything you send it.

• Previous message (by thread): Cogent for ISP bandwidth
• Next message (by thread): Protocols for Testing Intrusion Detection?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]