Re: Generating Traffic to Stress Test IDS

From: Gary Golomb (gee_two@yahoo.com)
Date: 01/24/02


Date: Thu, 24 Jan 2002 12:08:01 -0800 (PST)
From: Gary Golomb <gee_two@yahoo.com>
To: radu7@pipeline.com, focus-ids@lists.securityfocus.com


As part of what I do, I don't get into performance testing
performance-testing equipment (no, that's not a typo), but
from what I've seen; Hailstorm has been my favorite in the
software-based solution market. Not only can you just
"spew" packets onto the wire (what most HW-based products
seem to be good at), but also do full session and custom
application based stress testing - *quickly*. Just about
any exchange you can think of that requires custom
packets/payloads, can be done graphically through the tool.
IMHO, it should definitely be a part of any
testing/research/QA tool kit.

-gary

--- radu7@pipeline.com wrote:
> ClickToSecure (www.clicktosecure.com) makes a nice
> (Windows NT/2000 based) tool that can do this (among many
> other things related to network security/application
> testing). I have used it to test my IDS systems for
> packet loss under heavy loads. The product is called
> Hailstorm. It has a somewhat hefty pricetag associated
> with it though. If all you need is load testing it might
> be too expensive. If you have a use for the other
> features (and there are quite a few of them) the product
> it may be worth it. You can request a an eval from their
> website.
>
> Anthony
>
>
> Chad Gough <chad131@yahoo.com> wrote:
> > Does anyone know of any good tools that can generate
> alot of network
> traffic to see at what point an IDS starts dropping
> packets?
>
> Thanks,
> Chad
>
> __________________________________________________
> Do You Yahoo!?
> Great stuff seeking new owners in Yahoo! Auctions!
> http://auctions.yahoo.com
>

__________________________________________________
Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions!
http://auctions.yahoo.com



Relevant Pages

  • [NT] Yahoo! Messenger URL Handler Remote DoS
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A denial of service vulnerability exists in the way Yahoo! ... When these packets are sent Yahoo! ... Messenger version 6.0 ...
    (Securiteam)
  • Re: Private IP address with yahoo messenger
    ... You can test it using yahoo booters and an authentic yahoo id both ... 2.Through packet malformation you can get information of the target IP ... Simply typing the text in chat window. ... thorough forensic analysis of the packets coming from target. ...
    (Security-Basics)
  • Re: sending MAC packets --- again
    ... If I'm sending ethernet broadcast packets... ... will they be forwarded to all the ports of a switch?? ... > Do You Yahoo!? ... Mail has the best spam ...
    (freebsd-net)
  • Re: Signature and Traffic generation
    ... Hailstorm is way more capable than any other packet generation tool I have ... You can sniff a session, then replay the session with Hailstorm acting ... your own packets or modify sniffed packets. ...
    (Focus-IDS)
  • Re: Dropping Packets in 2.6.17
    ... 625Kpps per interface (1.3 million packets per ... What ITR setting are using for the e1000 driver? ... Do You Yahoo!? ... Mail has the best spam protection around ...
    (Linux-Kernel)