Performance testing
From: Upo Net (uponet@hotmail.com)Date: 05/08/02
- Previous message: Alex Smith: "Re: Looking for AIX-Friendly HIDS"
- Next in thread: Steve Halligan: "RE: Performance testing"
- Reply: Steve Halligan: "RE: Performance testing"
- Reply: Martin Roesch: "Re: Performance testing"
- Reply: Upo Net: "Re: Performance testing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 8 May 2002 11:43:49 -0000 From: Upo Net <uponet@hotmail.com> To: focus-ids@securityfocus.com('binary' encoding is not supported, stored as-is)
Hi,
I've some troubles with NIDS performance testing.
I'm using these devices:
- Linux box: RedHat7.2, Pentium IV 1400MHz
RAM 384MB, NIC 3Com 905
Snort 1.8.6
- Linux box: RedHat7.2, Hp e-pc40, Celeron 900
Nessus
- Linux box: RedHat7.2, Pentium 200
Apache Web Server
- Smartbits 600, with Smartflow
I'm using Nesuss to send some attacks to the Apache Server,
when I'm generating noise traffic with the Smartbits.
I'm generating this kind of traffic:
100 TCP flows from 192.168.66.9-109 random port to
192.168.66.1 port 80, with these shaping:
- 60% size 76byte (ethernet);
- 15% size 594byte
- 15% size 1518byte
- other sizes;
The problem is that with 10% of load my NIDS melts, running
at 99% of CPU time.
Why? Can someone help me?
Thank you.
- uponet
P.S.
I'm using the standard configuration of Snort, and It's
running with the high speed option enabled:
#snort -i eth1 -c /etc/snort/snort.conf -b -A fast
- Previous message: Alex Smith: "Re: Looking for AIX-Friendly HIDS"
- Next in thread: Steve Halligan: "RE: Performance testing"
- Reply: Steve Halligan: "RE: Performance testing"
- Reply: Martin Roesch: "Re: Performance testing"
- Reply: Upo Net: "Re: Performance testing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
