topic Re: IPS functionality testing in General Topics https://live.paloaltonetworks.com/t5/general-topics/ips-functionality-testing/m-p/40407#M29663 <HTML><HEAD></HEAD><BODY><P>I can not think of any tools for windows offhand but there are a few manual tests you vcan run.</P><P></P><P><SPAN>1) Surf the </SPAN><A class="jive-link-external-small" href="http://eicar.org/">http://eicar.org/</A><SPAN> site and download the malware file.</SPAN></P><P></P><P>2) Go to any website using HTTP and find a place that allows text and type &lt;script&gt;alert(XSS test)&lt;/script&gt;</P><P></P><P>There are quite a few examples on the web. But since we are not a Web App firewall there will be some XSS attacks that the paloalto will not detect. Make sure you test your examples in the lab first before demonstrating to the customer.</P><P></P><P>Steve Krall</P></BODY></HTML> Mon, 31 Oct 2011 16:36:04 GMT skrall 2011-10-31T16:36:04Z IPS functionality testing https://live.paloaltonetworks.com/t5/general-topics/ips-functionality-testing/m-p/40406#M29662 <HTML><HEAD></HEAD><BODY><P>We are looking to do a live demo of PAN devices to some leads . Does anybody have tool we can use to demonstrate the IPS functionality in real time .Putting the box through a wide range of attacks .&nbsp; App ID is pretty easy but Checkpoint now does application visibility . I have heard about metaploit . I havent seen a windows version u could easily use . Not a linux person .Looking for a free tool .</P><P>Thanks</P></BODY></HTML> Mon, 31 Oct 2011 15:06:01 GMT https://live.paloaltonetworks.com/t5/general-topics/ips-functionality-testing/m-p/40406#M29662 usvi 2011-10-31T15:06:01Z Re: IPS functionality testing https://live.paloaltonetworks.com/t5/general-topics/ips-functionality-testing/m-p/40407#M29663 <HTML><HEAD></HEAD><BODY><P>I can not think of any tools for windows offhand but there are a few manual tests you vcan run.</P><P></P><P><SPAN>1) Surf the </SPAN><A class="jive-link-external-small" href="http://eicar.org/">http://eicar.org/</A><SPAN> site and download the malware file.</SPAN></P><P></P><P>2) Go to any website using HTTP and find a place that allows text and type &lt;script&gt;alert(XSS test)&lt;/script&gt;</P><P></P><P>There are quite a few examples on the web. But since we are not a Web App firewall there will be some XSS attacks that the paloalto will not detect. Make sure you test your examples in the lab first before demonstrating to the customer.</P><P></P><P>Steve Krall</P></BODY></HTML> Mon, 31 Oct 2011 16:36:04 GMT https://live.paloaltonetworks.com/t5/general-topics/ips-functionality-testing/m-p/40407#M29663 skrall 2011-10-31T16:36:04Z