IDS mailing list archives
Re: Intrusion Detection Evaluation Datasets
From: Damiano Bolzoni <damiano.bolzoni () utwente nl>
Date: Wed, 18 Mar 2009 23:19:04 +0100
On 18/03/2009 22.39, Stefano Zanero wrote:
> Can you think of an instance of attack where detecting this is important?
If I were a bank, I would be pretty much unhappy to have 10 bogus requests per second that consume the bandwidth, CPU cycles, and system memory, because the web server is allocating space to store the POST body, by slowly sending up to 248Kb (sometimes it took 1 minute). They do care about availability, and this is clearly a DoS. Besides, it's true that a rate of 10 requests per second is nothing... but since the requests were coming from more than 50 different countries, I don't expect it to be that difficult to increase the rate by infecting new hosts. Then you can argue that the attacker can use something like ABCDEFGHILMN... instead of AAAAAAAAAAAAA..., and things would get tough again. But I guess you know what would be my answer, given that this attack has been detected with an anomaly-based NIDS ;)
--
Damiano Bolzoni
damiano.bolzoni () utwente nl
Homepage http://dies.ewi.utwente.nl/~bolzonid/
PGP public key http://dies.ewi.utwente.nl/~bolzonid/public_key.asc
Skype ID: damiano.bolzoni () utwente nl
Distributed and Embedded Security Group - University of Twente
P.O. Box 217 7500AE Enschede, The Netherlands
Phone +31 53 4892477
Mobile +31 629 008724
ZILVERLING building, room 3013
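An added illustration, not part of the original message and not the NIDS it refers to: a minimal byte-frequency anomaly model for POST bodies, showing that a large filler body scores far from a learned profile whether it is AAAA... or ABCDEFGHILMN.... The training bodies, form field names, the 1.5 margin and the reading of "248Kb" as 248 * 1024 bytes are all assumptions made for this example.

```python
from collections import Counter

def byte_freq(body):
    """Relative frequency of each of the 256 byte values in a body."""
    counts = Counter(body)
    n = len(body) or 1
    return [counts.get(b, 0) / n for b in range(256)]

class BodyProfile:
    """Mean byte distribution of the POST bodies seen during training."""
    def __init__(self, samples, margin=1.5):
        freqs = [byte_freq(s) for s in samples]
        self.mean = [sum(col) / len(freqs) for col in zip(*freqs)]
        # Assumed tuning rule: alert above margin x the worst training distance.
        self.threshold = margin * max(self.distance(s) for s in samples)

    def distance(self, body):
        """L1 distance to the profile (0 = identical, 2 = no shared byte values)."""
        return sum(abs(f - m) for f, m in zip(byte_freq(body), self.mean))

    def is_anomalous(self, body):
        return self.distance(body) > self.threshold

# Constructed training bodies (hypothetical form fields, not real traffic).
TRAINING = [
    b"user=alice&amount=120.50&iban=NL91ABNA0417164300&memo=rent",
    b"user=bob&amount=15.00&iban=DE89370400440532013000&memo=lunch",
    b"user=carol&amount=980.00&iban=NL20INGB0001234567&memo=invoice",
    b"user=dave&amount=42.10&iban=DE75512108001245126199&memo=books",
    b"user=erin&amount=7.99&iban=NL02RABO0123456789&memo=gift",
]
# Constructed benign body that was not part of the training set.
BENIGN = b"user=frank&amount=300.00&iban=NL91ABNA0417164300&memo=deposit"

SIZE = 248 * 1024  # assumption: "248Kb" read as 248 * 1024 bytes
FILL_A = b"A" * SIZE
FILL_ALPHA = (b"ABCDEFGHILMN" * (SIZE // 12 + 1))[:SIZE]

PROFILE = BodyProfile(TRAINING)

if __name__ == "__main__":
    cases = [("benign", BENIGN), ("AAAA...", FILL_A), ("ABCDEFGHILMN...", FILL_ALPHA)]
    for name, body in cases:
        print(f"{name:16} distance={PROFILE.distance(body):.3f} "
              f"alert={PROFILE.is_anomalous(body)}")
```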