Intrusion Detection Systems mailing list archives

RE: RE: NFR DDOS problems


From: "St. Clair, James" <JStClair () vredenburg com>
Date: Thu, 10 May 2001 08:11:40 -0700

Archive: http://msgs.securepoint.com/ids
FAQ IDS: http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm
FAQ NIDS: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner () uow edu au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicited mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
-----------------------------------------------------------------------------
Thanks very much Justin..

My apologies to the list - I threw this out a little quickly. I am still
checking exactly what my concerns are and I'll re-issue the question. Thanks
for everyone's interest.

Jim

-----Original Message-----
From: Justin.Linton () guardent com
To: JStClair () vredenburg com; ids () uow edu au
Sent: 5/9/01 3:22 PM
Subject: IDS: RE: NFR DDOS problems

Hello James:

     Do you mean will it start dropping packets if it is DDOSed?

     If you want to stress test NFR try Stick against it.

     You can get it at securityfocus.com in their tools section.

"Stick uses the Snort rule set and produces a C program via lex that when
compiled will produce an IP packet capable of triggering that rule from a
spoofed IP range (or all possible IP addresses) into a target IP range. A
function is produced for each rule and a loop then executes these rules in a
random order. The tool currently produces these at about 250 alarms per
second." Security Focus Web site.

    Of course this would depend on the n-code you have enabled and how you
have it set to alert.

Best Regards,
Justin Linton
Security Consultant
____________________________________________
G U A R D E N T  C A N A D A
  Security | Privacy | Data Protection





-----Original Message-----
From: St. Clair, James [mailto:JStClair () vredenburg com]
Sent: May 8, 2001 2:11 PM
To: 'ids () uow edu au'
Subject: IDS: NFR DDOS problems

Anyone hear of potential DDOS problems with NFR, in particular
Stacheldraht? Appreciate any feedback..
 
Jim 


