IDS mailing list archives
Re: interesting paper on testing sig-based IDS
From: Shai Rubin <shai () cs wisc edu>
Date: Wed, 02 Mar 2005 09:50:41 -0600
buineach wrote:
Hi I just joined this forum so apologies if this has been asked/answered before. Is this tool available to the general public as I do a lot of IPS testing and would like to verify further the framentation and TCP segment handling of these inline products. ?
The AGENT tool might be available in few weeks, for academic use only. If you are interested in a commercial use, please contact me.
A real concern I have with inline IPS that depend on a central CPU to deal with fragmentation and segmentation evasion is that an overload attack with this traffic will make the IPS the weakest link in the network.
Your concerns are justified. I assume that any software-based NIDS will suffer from such a attack.
Shai -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
Current thread:
- interesting paper on testing sig-based IDS Kohlenberg, Toby (Feb 28)
- Re: interesting paper on testing sig-based IDS Jonathon Giffin (Mar 01)
- Re: interesting paper on testing sig-based IDS buineach (Mar 02)
- Re: interesting paper on testing sig-based IDS Shai Rubin (Mar 02)
- Re: interesting paper on testing sig-based IDS buineach (Mar 02)
- Re: interesting paper on testing sig-based IDS Giovanni Vigna (Mar 02)
- Re: interesting paper on testing sig-based IDS Stefano Zanero (Mar 04)
- Re: interesting paper on testing sig-based IDS Richard Bejtlich (Mar 02)
- <Possible follow-ups>
- RE: interesting paper on testing sig-based IDS Kyle Quest (Mar 04)
- RE: interesting paper on testing sig-based IDS Jose Maria Lopez Hernandez (Mar 06)
- RE: interesting paper on testing sig-based IDS Kyle Quest (Mar 06)
- RE: interesting paper on testing sig-based IDS Brian Smith (Mar 06)
- RE: interesting paper on testing sig-based IDS Micheal Reynolds (Mar 06)
- Re: interesting paper on testing sig-based IDS Jonathon Giffin (Mar 01)