IDS mailing list archives
Re: how to test IDS performance?
From: Latha Kris <latha_vgopal () yahoo com>
Date: 2 Apr 2003 20:02:34 -0000
In-Reply-To: <20030331032754.75142.qmail () web14907 mail yahoo com> I guess there is no single way or tool available to test IDS perfomances. There are a lot of things that exists in IDS which need to be tested. Some of the features that the IDS can be tested for perfomance are - Is the IDS able to handle 100MBPS(or whatever load you need) HTTP traffic and inject attacks to see if it is able to detect attacks. - Number of TCP/UDP sessions the IDS can handle at any time - At what load the IDS starts dropping packets with mixed amount of traffic (HTTP, DNS, ICMP...) The difficult part is generating this kind of traffic in a lab. You can check the http://osec.neohapsis.com/ website. They have a good test criteria and results of their testing. -lkris
Received: (qmail 29405 invoked from network); 1 Apr 2003 22:16:43 -0000 Received: from outgoing2.securityfocus.com (HELO
outgoing.securityfocus.com) (205.206.231.26)
by mail.securityfocus.com with SMTP; 1 Apr 2003 22:16:43 -0000 Received: from lists.securityfocus.com (lists.securityfocus.com
[205.206.231.19])
by outgoing.securityfocus.com (Postfix) with QMQP id B68158F607; Tue, 1 Apr 2003 15:03:08 -0700 (MST) Mailing-List: contact focus-ids-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <focus-ids.list-id.securityfocus.com> List-Post: <mailto:focus-ids () securityfocus com> List-Help: <mailto:focus-ids-help () securityfocus com> List-Unsubscribe: <mailto:focus-ids-unsubscribe () securityfocus com> List-Subscribe: <mailto:focus-ids-subscribe () securityfocus com> Delivered-To: mailing list focus-ids () securityfocus com Delivered-To: moderator for focus-ids () securityfocus com Received: (qmail 30602 invoked from network); 31 Mar 2003 03:13:59 -0000 Message-ID: <20030331032754.75142.qmail () web14907 mail yahoo com> Date: Sun, 30 Mar 2003 19:27:54 -0800 (PST) From: Lau Ker Chea <kerchea79 () yahoo com> Subject: how to test IDS performance? To: focus-ids () securityfocus com MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii may i know what type of techniques that can be used to test for the IDS performance? is it Packit suitable to complete this task? thanks! __________________________________________________ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com ----------------------------------------------------------- ALERT: Exploiting Web Applications- A Step-by-Step Attack Analysis Learn why 70% of today's successful hacks involve Web Application attacks such as: SQL Injection, XSS, Cookie Manipulation and Parameter Manipulation. http://www.spidynamics.com/mktg/webappsecurity71
----------------------------------------------------------- ALERT: Exploiting Web Applications- A Step-by-Step Attack Analysis Learn why 70% of today's successful hacks involve Web Application attacks such as: SQL Injection, XSS, Cookie Manipulation and Parameter Manipulation. http://www.spidynamics.com/mktg/webappsecurity71
Current thread:
- how to test IDS performance? Lau Ker Chea (Apr 01)
- RE: how to test IDS performance? Eric Hines (Apr 02)
- <Possible follow-ups>
- Re: how to test IDS performance? Latha Kris (Apr 02)
- Re: how to test IDS performance? Matt Bing (Apr 03)