RE: NFR DDOS problems

[Justin.Linton () guardent com]

Archive: http://msgs.securepoint.com/ids
FAQ IDS: http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm
FAQ NIDS: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner () uow edu au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
-----------------------------------------------------------------------------
Hello James:
     
     Do you mean will it start dropping packets if it is DDOSed?
        
     If you want to stress test NFR try Stick against it. 

     You can get it at securityfocus.com in their tools section.

"Stick uses the Snort rule set and produces a C program via lex that when
compiled will produce an IP packet capable of triggering that rule from a
spoofed IP range (or all possible IP addresses) into a target IP range. A
function is produced for each rule and a loop then executes these rules in a
random order. The tool currently produces these at about 250 alarms per
second." Security Focus Web site.

    Of course this would depend on the n-code you have enabled and how you
have it set to alert.

Best Regards,
Justin Linton
Security Consultant
____________________________________________
G U A R D E N T  C A N A D A
  Security | Privacy | Data Protection





> -----Original Message-----
> From: St. Clair, James [mailto:JStClair () vredenburg com]
> Sent: May 8, 2001 2:11 PM
> To: 'ids () uow edu au'
> Subject: IDS: NFR DDOS problems

> Any one hear of potential DDO problems with NFR, in particular
> stacheldracht? Appreciate any feedback..
>  
> Jim