Hosting Provided By

Re: how to test IDS performance?

From: Latha Kris <latha_vgopal(at)yahoo.com>
Date: Wed Apr 02 2003 - 15:02:34 EST

('binary' encoding is not supported, stored as-is)
In-Reply-To: <20030331032754.75142.qmail@web14907.mail.yahoo.com>

I guess there is no single way or tool available to test IDS perfomances. There are a lot of things that exists in IDS which need to be tested.

Some of the features that the IDS can be tested for perfomance are - Is the IDS able to handle 100MBPS(or whatever load you need) HTTP traffic and inject attacks to see if it is able to detect attacks. - Number of TCP/UDP sessions the IDS can handle at any time - At what load the IDS starts dropping packets with mixed amount of traffic (HTTP, DNS, ICMP...) The difficult part is generating this kind of traffic in a lab.

You can check the http://osec.neohapsis.com/ website. They have a good test criteria and results of their testing.

-lkris

>Received: (qmail 29405 invoked from network); 1 Apr 2003 22:16:43 -0000
>Received: from outgoing2.securityfocus.com (HELO
outgoing.securityfocus.com) (205.206.231.26)
> by mail.securityfocus.com with SMTP; 1 Apr 2003 22:16:43 -0000
>Received: from lists.securityfocus.com (lists.securityfocus.com
[205.206.231.19])
> by outgoing.securityfocus.com (Postfix) with QMQP
> id B68158F607; Tue, 1 Apr 2003 15:03:08 -0700 (MST)
>Mailing-List: contact focus-ids-help@securityfocus.com; run by ezmlm
>Precedence: bulk
>List-Id: <focus-ids.list-id.securityfocus.com>
>List-Post: <mailto:focus-ids@securityfocus.com>
>List-Help: <mailto:focus-ids-help@securityfocus.com>
>List-Unsubscribe: <mailto:focus-ids-unsubscribe@securityfocus.com>
>List-Subscribe: <mailto:focus-ids-subscribe@securityfocus.com>
>Delivered-To: mailing list focus-ids@securityfocus.com
>Delivered-To: moderator for focus-ids@securityfocus.com
>Received: (qmail 30602 invoked from network); 31 Mar 2003 03:13:59 -0000
>Message-ID: <20030331032754.75142.qmail@web14907.mail.yahoo.com>
>Date: Sun, 30 Mar 2003 19:27:54 -0800 (PST)

ALERT: Exploiting Web Applications- A Step-by-Step Attack Analysis Learn why 70% of today's successful hacks involve Web Application attacks such as: SQL Injection, XSS, Cookie Manipulation and Parameter Manipulation.
http://www.spidynamics.com/mktg/webappsecurity71 Received on Wed Apr 2 17:03:39 2003

This message: [ Message body ]
Next message: Eric Hines: "RE: how to test IDS performance?"
Previous message: Dale Gardner: "Re: Anomaly based network IDS"
In reply to: Lau Ker Chea: "how to test IDS performance?"
In reply to Lau Ker Chea: "how to test IDS performance?"
Next in thread: Matt Bing: "Re: how to test IDS performance?"
Reply: Matt Bing: "Re: how to test IDS performance?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:11 EDT