Re: Generating Traffic to Stress Test IDS
From: Greg Shipley (gshipley@neohapsis.com)
Date: 01/25/02
- Previous message: NGSEC Research Team: "[NGSEC] Whitepaper Released: Polymorphic shellcodes vs. Applications IDSs"
- In reply to: Dragos Ruiu: "Re: Generating Traffic to Stress Test IDS"
- Next in thread: Ken Pohniman: "RE: Generating Traffic to Stress Test IDS"
Date: Fri, 25 Jan 2002 11:32:04 -0600 (CST)
From: Greg Shipley <gshipley@neohapsis.com>
To: focus-ids@lists.securityfocus.com
On Fri, 25 Jan 2002, Dragos Ruiu wrote:
> This 40Mbps number is a potentially dangerous bit of misinformation; most
> nids vendors exceeded these drop thresholds a ways back.
*snip*
> Packet drop rate, at its simplest, is defined as the ratio of the number
> of packets you should have seen/alerted/munged/whatever to the number
> of packets you did get. Measuring this ratio under realistic conditions
> is left as an exercise for the reader. (Hint: use a controllable,
> accurate traffic source, and examine logs/statistics/whatever on the
> receive side carefully. Don't forget the background load. :-)
Just to add to what Dragos has stated, saying that NIDS drops at xMbps is
like saying cars can go as fast as 90 mph.
Obviously it depends on the car.
Side note: does anyone know how TopLayer handles fragmentation?
-Greg