RE: Generating Traffic to Stress Test IDS

From: Ken Pohniman (kenpohniman@yahoo.com)
Date: 01/25/02

• Previous message: Gary Golomb: "Re: Generating Traffic to Stress Test IDS"
• In reply to: Chad Gough: "Generating Traffic to Stress Test IDS"
• Next in thread: Chris Grout: "RE: Generating Traffic to Stress Test IDS"
• Reply: Chris Grout: "RE: Generating Traffic to Stress Test IDS"
• Reply: Dragos Ruiu: "Re: Generating Traffic to Stress Test IDS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Ken Pohniman" <kenpohniman@yahoo.com>
To: "'Chad Gough'" <chad131@yahoo.com>, <focus-ids@lists.securityfocus.com>
Date: Fri, 25 Jan 2002 07:53:20 +0800

From what I understand, a NIDS can typically handle up to 40Mbps of traffic
at any one time before starting to drop packets aggresively. An IDS
Balancer, like that from TopLayer Networks, will be required, especially if
you're talking about a GE network.

Btw, regardless of what tool you use, does anyone knows how to check what is
the packet drop rate on the IDS?

Thanks!

-----Original Message-----
From: Chad Gough [mailto:chad131@yahoo.com]
Sent: Thursday, January 24, 2002 11:27 PM
To: focus-ids@lists.securityfocus.com
Subject: Generating Traffic to Stress Test IDS

Does anyone know of any good tools that can generate alot of network
traffic to see at what point an IDS starts dropping packets?

Thanks,
Chad

__________________________________________________
Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions!
http://auctions.yahoo.com

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

---

• Previous message: Gary Golomb: "Re: Generating Traffic to Stress Test IDS"
• In reply to: Chad Gough: "Generating Traffic to Stress Test IDS"
• Next in thread: Chris Grout: "RE: Generating Traffic to Stress Test IDS"
• Reply: Chris Grout: "RE: Generating Traffic to Stress Test IDS"
• Reply: Dragos Ruiu: "Re: Generating Traffic to Stress Test IDS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: Generating Traffic to Stress Test IDS ... Vendor "A" may state one thing, ... >at any one time before starting to drop packets aggresively. ... >the packet drop rate on the IDS? ... >Great stuff seeking new owners in Yahoo! ... (Focus-IDS) Re: Generating Traffic to Stress Test IDS ... subsystem, rule loading and settings on the ids, etc... ... of packets you did get. ... > you're talking about a GE network. ... > Great stuff seeking new owners in Yahoo! ... (Focus-IDS) Re: Recent anti-NIDS Gartner article ... packets and throughput of traffic is not suffered by IDS. ... Some reasons why I feel Inline IDSes don't require expensive ... if the packets come out of order (people ... then tap IDS does not even know and packets ... (Focus-IDS) Re: pings ... In 1 day I have seen 288 different instances of blocked packets in my ... firewall on that same day I have seen 46 items in my IDS. ... I have a DHCP network on a local ISP and I do not have a domain ... (Security-Basics) Re: Test scripts for NIDS ... If you're using tcpreplay for performance testing, ... >> packets and they are being dropped? ... > the IDS catches everything. ... > increasing speeds until the IDS output changes (usually by failing to detect ... (Pen-Test)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-ids  > 2002-01