Intrusion Detection Systems mailing list archives

Re: Fwd: Re: Carrier/ISP Success Stories?
From: Dragos Ruiu <dr () v-wave com>
Date: Tue, 25 Jul 2000 16:45:27 -0700

Ron may not have actually done tests on this yet, but it 
just occurred to me that checking IDS performance on ATM
is a piece of cake... for there is a MIB in the switch which
will give you very accurate counts of exactly how many 
packets and IP datagrams were delivered to an interface 
(unlike ethernet we know and love/hate).  Comparing
the switch counts with processing stats on the IDS should 
tell you exactly how much of the stream you could eat.

The other important statistic to keep track of along with 
the raw number packet rate is the average packet size
and the distribution of packet sizes. 1000 - 64 byte
packets per second is a different story from 1000 - 64k 
long packets. There are a number of other second order 
variables that can be tracked too... (fragmentation level,
burstiness, ....)

cheers,
--dr

On Tue, 25 Jul 2000, mht () clark net wrote:
Are you saying you have installed Dragon Systems for FreeBSD on an ATM 
backbone and have successfully kept up with the network traffic?
If so,

How many Frames were processed??
How many Frames were dropped?
TCP Segments detected:?
UDP Datagrams detected:?
ICMP Datagrams detected:?
Others:?
Events Detected:
Unreported:
Invalid Frames:?

Spanning a Catalyst 5500 Switch requires some reconfiguration by the ISP 
support type people to get the port configured properly, that still 
requires some level of knowledge than most NOC monkeys...

-- 
dursec.com ltd. / kyx.net - we're from the future    http://www.dursec.com
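
Added example, not part of the original message: one way to carry out the comparison described above, taking two readings of the switch's per-interface counters and the IDS's processed-frame count and deriving capture ratio, packet rate, average packet size and a size histogram. The field names, bucket boundaries and sample readings are constructed, and the switch counters are assumed to be 32-bit wrapping counters.

```python
# Added example, not from the original message. Field names and sample
# values are constructed; counters are assumed to be 32-bit and wrapping.
from collections import Counter

COUNTER32_MOD = 2 ** 32  # assumption: switch exposes SNMP Counter32-style counters
SIZE_BUCKETS = (64, 128, 256, 512, 1024, 1518, 65535)  # upper bounds in bytes

def counter_delta(first, second, modulus=COUNTER32_MOD):
    """Difference between two readings of a wrapping counter (at most one wrap)."""
    return (second - first) % modulus

def capture_report(switch_t0, switch_t1, ids_t0, ids_t1, seconds):
    """Compare what the switch delivered to the IDS port with what the IDS processed."""
    delivered = counter_delta(switch_t0["pkts"], switch_t1["pkts"])
    octets = counter_delta(switch_t0["octets"], switch_t1["octets"])
    processed = ids_t1["processed"] - ids_t0["processed"]
    return {
        "delivered": delivered,
        "processed": processed,
        "missed": max(delivered - processed, 0),
        "capture_ratio": processed / delivered if delivered else 1.0,
        "packets_per_second": delivered / seconds,
        "avg_packet_bytes": octets / delivered if delivered else 0.0,
    }

def size_distribution(packet_lengths):
    """Count packets per size bucket; oversize lengths land in the last bucket."""
    hist = Counter()
    for length in packet_lengths:
        hist[next((b for b in SIZE_BUCKETS if length <= b), SIZE_BUCKETS[-1])] += 1
    return dict(sorted(hist.items()))

# Constructed readings taken 10 seconds apart; the packet counter wraps between them.
SWITCH_T0 = {"pkts": 4294960000, "octets": 1000000}
SWITCH_T1 = {"pkts": 2704, "octets": 6120000}
IDS_T0 = {"processed": 500}
IDS_T1 = {"processed": 9500}
SAMPLE_LENGTHS = [64, 64, 1500, 40, 9000]  # constructed packet lengths in bytes

if __name__ == "__main__":
    for key, value in capture_report(SWITCH_T0, SWITCH_T1, IDS_T0, IDS_T1, 10).items():
        print(f"{key}: {value}")
    print("size distribution:", size_distribution(SAMPLE_LENGTHS))
```

If the polling interval is long enough for a counter to wrap more than once, the delta is ambiguous, so poll often enough for the link speed in use.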

