IDS: Re: how to test IDS performance?

From: Latha Kris <latha_vgopal_at_yahoo.com>
Date: 2 Apr 2003 20:02:34 -0000
In-Reply-To: <20030331032754.75142.qmail_at_web14907.mail.yahoo.com>

I guess there is no single way or tool available to test IDS performance.
There are a lot of things that exist in an IDS which need to be tested.

Some of the features that the IDS can be tested for performance are:
- Is the IDS able to handle 100MBPS (or whatever load you need) of HTTP
traffic, with attacks injected to see if it is able to detect them.
- The number of TCP/UDP sessions the IDS can handle at any time.
- At what load the IDS starts dropping packets with a mixed amount of traffic
(HTTP, DNS, ICMP...).

The difficult part is generating this kind of traffic in a lab.

You can check the http://osec.neohapsis.com/ website. They have good
test criteria and results of their testing.

-lkris

>Message-ID: <20030331032754.75142.qmail_at_web14907.mail.yahoo.com>
>Date: Sun, 30 Mar 2003 19:27:54 -0800 (PST)
>From: Lau Ker Chea <kerchea79_at_yahoo.com>
>Subject: how to test IDS performance?
>To: focus-ids_at_securityfocus.com
>
>May I know what types of techniques can be used to
>test for IDS performance?
>
>Is Packit suitable to complete this task?
>
>thanks!
Received on Apr 02 2003
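
The load tests listed in the reply above produce two separate curves, packet drops and missed attacks, and they do not have to break at the same load. The following is an added example, not part of the original thread: it scores a stepped-load lab run and reports where each curve first crosses a limit. The `LoadStep` fields, the thresholds and every number in `RUNS` are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class LoadStep:
    load: int            # offered load from the traffic generator for this step
    pkts_sent: int       # packets the generator reports sending
    pkts_seen: int       # packets the sensor reports processing
    attacks_sent: int    # known attacks injected into the background traffic
    alerts_matched: int  # alerts that correspond to an injected attack

    @property
    def drop_rate(self):
        return 1 - self.pkts_seen / self.pkts_sent

    @property
    def miss_rate(self):
        return 1 - self.alerts_matched / self.attacks_sent

# Constructed sample results, one row per load step (not real measurements).
RUNS = [
    LoadStep(10, 1_000_000, 1_000_000, 50, 50),
    LoadStep(40, 4_000_000, 4_000_000, 50, 50),
    LoadStep(70, 7_000_000, 6_965_000, 50, 48),
    LoadStep(100, 10_000_000, 8_800_000, 50, 39),
]

def first_load_over(runs, metric, limit):
    """Lowest offered load at which metric(step) exceeds limit, or None."""
    for step in sorted(runs, key=lambda s: s.load):
        if metric(step) > limit:
            return step.load
    return None

def summarize(runs, max_drop=0.001, max_miss=0.05):
    """Report the load where drops begin and where detection degrades."""
    ordered = sorted(runs, key=lambda s: s.load)
    return {
        "drop_knee": first_load_over(runs, lambda s: s.drop_rate, max_drop),
        "miss_knee": first_load_over(runs, lambda s: s.miss_rate, max_miss),
        "table": [(s.load, round(s.drop_rate, 4), round(s.miss_rate, 2))
                  for s in ordered],
    }

if __name__ == "__main__":
    result = summarize(RUNS)
    for load, drop, miss in result["table"]:
        print("load %4d  drop=%.2f%%  missed=%.0f%%" % (load, drop * 100, miss * 100))
    print("drops start at load", result["drop_knee"],
          "- detection degrades at load", result["miss_knee"])
```

In this constructed run the sensor starts dropping packets one step before the missed-attack rate crosses its limit, which is why both figures are tracked per step rather than only the final detection count.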
