RE: Generating Traffic to Stress Test IDS

From: Simon Edwards (SEdwards@toplayer.com)
Date: 01/25/02


From: Simon Edwards <SEdwards@toplayer.com>
To: 'Greg Shipley' <gshipley@neohapsis.com>, focus-ids@lists.securityfocus.com
Date: Fri, 25 Jan 2002 13:13:00 -0500

Yes, we handle fragmentation, and in most cases we will re-fragment before
passing to the IDS. Another note: we are also looking to put VLAN tag
removal into the next release, which will be out c. end of Q1.

Simon

________________________________________________
Simon Edwards
Technical Evangelist
Top Layer Networks
US Office : 508 870 1300 x230
UK Office : +(44) 1252 748509
UK Mobile: +(44) 7971 959170
www: www.TopLayer.com <http://www.TopLayer.com>
email: sedwards@toplayer.com <mailto:sedwards@toplayer.com>
 
"Perfecting the Art of Network Security"

-----Original Message-----
From: Greg Shipley [mailto:gshipley@neohapsis.com]
Sent: 25 January 2002 17:32
To: focus-ids@lists.securityfocus.com
Cc: kenpohniman@yahoo.com; chad131@yahoo.com; Dragos Ruiu
Subject: Re: Generating Traffic to Stress Test IDS

On Fri, 25 Jan 2002, Dragos Ruiu wrote:

> This 40Mbps number is a potentially dangerous bit of misinformation; most
> nids vendors exceeded these drop thresholds a ways back.
*snip*
> Packet drop rate, at its simplest, is defined as the ratio of the number
> of packets you should have seen/alerted/munged/whatever to the number
> of packets you did get. Measuring this ratio under realistic conditions
> is left as an exercise for the reader. (Hint: use a controllable,
> accurate traffic source, and examine logs/statistics/whatever on the
> receive side carefully. Don't forget the background load. :-)

Just to add to what Dragos has stated, saying that NIDS drops at xMbps is
like saying cars can go as fast as 90 mph.

Obviously it depends on the car.

Side note: does anyone know how TopLayer handles fragmentation?

-Greg


