RE: Generating Traffic to Stress Test IDS
From: Jose Nazario (jose@biocserver.BIOC.cwru.edu)Date: 01/25/02
- Previous message: Dragos Ruiu: "Re: Generating Traffic to Stress Test IDS"
- In reply to: Ken Pohniman: "RE: Generating Traffic to Stress Test IDS"
- Next in thread: Greg Shipley: "Re: Generating Traffic to Stress Test IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 25 Jan 2002 11:48:17 -0500 (EST) From: Jose Nazario <jose@biocserver.BIOC.cwru.edu> To: <focus-ids@lists.securityfocus.com>
On Fri, 25 Jan 2002, Ken Pohniman wrote:
> Seems that at 60Mbps throughput, the NIDS packet drop rate is about
> 50%. My questions is - at what drop rate can an IDS afford to
> experience before becoming totally 'useless'? Can the IDS still detect
> a particular attack if it drops just 1 of the packet? This is my
> biggest question actually. Thanks!
are you doing any tuning (buffer sizes, options) of your NIDS?
a fair NIDS can make a match even with a few dropped packets here and
there. relying on seeing that one packet for a match is relying on too
much luck and possibly making a decision based on too little evidence.
____________________________
jose nazario jose@cwru.edu
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
- Previous message: Dragos Ruiu: "Re: Generating Traffic to Stress Test IDS"
- In reply to: Ken Pohniman: "RE: Generating Traffic to Stress Test IDS"
- Next in thread: Greg Shipley: "Re: Generating Traffic to Stress Test IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
