Intrusion Detection Systems mailing list archives
Re: BlackICE IDS -reply
From: mht () clark net (mht () clark net)
Date: Mon, 6 Dec 1999 08:50:48 -0500 (EST)
There are several test packages available that can simulate realtime network traffic. Check out NTSL (www.ntsl.com). The Homer web utility by Microsoft simulates web activity. FTPConnLoad. Most of which are tools used by Data Com and other magazines that perform lab reviews on products.

Developing a test suite in the lab emulating real time traffic is tough. I know during a recent product evaluation of a recently released IDS system, we spent a week developing and researching our test plan. Asked many questions on what is out there (aka kiddie scripts) and what was the possibility of this occurring in a real time environment. Our whiteboard was covered with if then else cases. We also SWAG and WAG on the outcome.

It is really sad when their vendors state a lot of stuff about how fast and reliable their product is, but fail to mention what type of testing they used in order to get on their soap box and preach it. I do recall a vendor stating their product makes a great floor wax and dessert topping but could not ever state at what condition their solution could fail at. But I digressed.. Enjoy the research.. :)

I actually think there should be a reputable company conducting UL type testing on products for solution companies prior to their release.

1. Ensure the quality of the product
2. Ensure the product does what the vendor preaches it does
3. A 3rd party review is a sure way of convincing major customers that the product actually works after it is deployed.

On Sun, 5 Dec 1999, Marcus J. Ranum wrote:
Greg Shipley writes:

2. I would encourage anyone who is doing testing to get as close to REAL traffic as possible.

As a vendor, let me comment that Greg's 100% right! We tell our customers the same thing. You gotta see what'll work in your live environment because it's going to be different than a lab. You might install an IDS that does reassembly and state tracking and discover that it doesn't work right because your internal routing is messed up (accidentally or deliberately). You might discover all kinds of weirdnesses that would never appear in a contrived lab environment - some good, some bad.

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
########################################################## 'Turn on, Boot Up, Jack in' #########################################################
