IDS mailing list archives

Re: how to test IDS performance?


From: Latha Kris <latha_vgopal () yahoo com>
Date: 2 Apr 2003 20:02:34 -0000

In-Reply-To: <20030331032754.75142.qmail () web14907 mail yahoo com>

I guess there is no single way or tool available to test IDS performance. 
There are a lot of things that exist in an IDS which need to be tested. 

Some of the features that the IDS can be tested for performance are:
- Is the IDS able to handle 100MBPS (or whatever load you need) HTTP 
traffic and inject attacks to see if it is able to detect attacks.
- Number of TCP/UDP sessions the IDS can handle at any time 
- At what load the IDS starts dropping packets with mixed amount of traffic
(HTTP, DNS, ICMP...)

The difficult part is generating this kind of traffic in a lab. 

You can check the http://osec.neohapsis.com/ website. They have good 
test criteria and results of their testing. 

-lkris
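
Added example, not part of the original post: one way to score a ramp test against the criteria listed in the reply above, finding the load at which packet drops begin and the load at which injected attacks start being missed. The field names, thresholds and measurements are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Step:
    """One load step of a ramp test (field names are assumptions for this example)."""
    offered_mbps: float      # load offered by the traffic generator
    pkts_sent: int           # packets put on the wire
    pkts_seen: int           # packets the IDS reports having processed
    attacks_injected: int    # known attacks mixed into the background traffic
    attacks_alerted: int     # injected attacks that raised an alert

    @property
    def drop_rate(self):
        return 1.0 - self.pkts_seen / self.pkts_sent

    @property
    def detection_rate(self):
        return self.attacks_alerted / self.attacks_injected

def summarize(steps, max_drop=0.001, min_detect=1.0):
    """Find where drops and missed detections begin; thresholds are assumed defaults."""
    ordered = sorted(steps, key=lambda s: s.offered_mbps)
    if any(s.pkts_sent <= 0 or s.attacks_injected <= 0 for s in ordered):
        raise ValueError("every step needs traffic and at least one injected attack")
    out = {"max_clean_mbps": None, "drop_onset_mbps": None, "detect_onset_mbps": None}
    for s in ordered:
        # Packet counters and alert counts are separate measurements, so track both.
        if s.drop_rate > max_drop and out["drop_onset_mbps"] is None:
            out["drop_onset_mbps"] = s.offered_mbps
        if s.detection_rate < min_detect and out["detect_onset_mbps"] is None:
            out["detect_onset_mbps"] = s.offered_mbps
        # A step counts as clean only if neither check has failed at this or a lower load.
        if out["drop_onset_mbps"] is None and out["detect_onset_mbps"] is None:
            out["max_clean_mbps"] = s.offered_mbps
    return out

# Constructed measurements from a hypothetical lab run (not real test data).
RUN = [
    Step(20.0, 100_000, 100_000, 50, 50),
    Step(40.0, 200_000, 200_000, 50, 50),
    Step(60.0, 300_000, 299_900, 50, 49),
    Step(80.0, 400_000, 396_000, 50, 47),
    Step(100.0, 500_000, 450_000, 50, 38),
]

if __name__ == "__main__":
    print(summarize(RUN))
```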

Message-ID: <20030331032754.75142.qmail () web14907 mail yahoo com>
Date: Sun, 30 Mar 2003 19:27:54 -0800 (PST)
From: Lau Ker Chea <kerchea79 () yahoo com>
Subject: how to test IDS performance?
To: focus-ids () securityfocus com

May I know what types of techniques can be used to
test IDS performance? 

Is Packit suitable to complete this task?

Thanks!
