RE: Generating Traffic to Stress Test IDS

From: Simon Edwards (SEdwards@toplayer.com)
Date: 01/25/02


From: Simon Edwards <SEdwards@toplayer.com>
To: Ken Pohniman <kpohniman@toplayer.com>, 'Chad Gough' <chad131@yahoo.com>, focus-ids@lists.securityfocus.com
Date: Fri, 25 Jan 2002 10:00:42 -0500

ISS are talking about putting this into version 7, however we at TopLayer
are also working on some management integration with ISS - so that we could
send alerts back into the Event Collector - the obvious one would be packet
loss.

The initial way I am planning to set this up would probably be to have a Server
Sensor sitting off our management port listening to SYSLOG streams coming
from our box, these alerts would then be passed back to the EC. However we
have been in discussion with ISS about using a more solid method in the
future.

If this is of interest to anyone let me know, and I will put it further up
my to do list !!

Oh and thanks for the mention ;-)

Cheers

Simon
________________________________________________
Simon Edwards
Technical Evangelist
Top Layer Networks
US Office : 508 870 1300 x230
UK Office : +(44) 1252 748509
UK Mobile: +(44) 7971 959170
www: www.TopLayer.com <http://www.TopLayer.com>
email: sedwards@toplayer.com <mailto:sedwards@toplayer.com>
 
"Perfecting the Art of Network Security"
------------------------------------------------------------------------------------

-----Original Message-----
From: Ken Pohniman [mailto:kenpohniman@yahoo.com]
Sent: 24 January 2002 23:53
To: 'Chad Gough'; focus-ids@lists.securityfocus.com
Subject: RE: Generating Traffic to Stress Test IDS

From what I understand, a NIDS can typically handle up to 40Mbps of traffic
at any one time before starting to drop packets aggressively. An IDS
Balancer, like that from TopLayer Networks, will be required, especially if
you're talking about a GE network.

Btw, regardless of what tool you use, does anyone know how to check what
the packet drop rate on the IDS is?

Thanks!

-----Original Message-----
From: Chad Gough [mailto:chad131@yahoo.com]
Sent: Thursday, January 24, 2002 11:27 PM
To: focus-ids@lists.securityfocus.com
Subject: Generating Traffic to Stress Test IDS

Does anyone know of any good tools that can generate a lot of network
traffic to see at what point an IDS starts dropping packets?

Thanks,
Chad
