IDS mailing list archives
Re: how to test IDS performance?
From: Matt Bing <mbing () nfr net>
Date: Wed, 2 Apr 2003 18:00:22 -0500
Latha Kris said:
Some of the features that the IDS can be tested for perfomance are - Is the IDS able to handle 100MBPS(or whatever load you need) HTTP traffic and inject attacks to see if it is able to detect attacks. - Number of TCP/UDP sessions the IDS can handle at any time - At what load the IDS starts dropping packets with mixed amount of traffic (HTTP, DNS, ICMP...) The difficult part is generating this kind of traffic in a lab.
tcpreplay will let you replay traffic dumps at speeds as arbitrary as your hardware will allow: http://tcpreplay.sourceforge.net -- Matt Bing NFR Security Rapid Response Team ----------------------------------------------------------- ALERT: Exploiting Web Applications- A Step-by-Step Attack Analysis Learn why 70% of today's successful hacks involve Web Application attacks such as: SQL Injection, XSS, Cookie Manipulation and Parameter Manipulation. http://www.spidynamics.com/mktg/webappsecurity71
Current thread:
- how to test IDS performance? Lau Ker Chea (Apr 01)
- RE: how to test IDS performance? Eric Hines (Apr 02)
- <Possible follow-ups>
- Re: how to test IDS performance? Latha Kris (Apr 02)
- Re: how to test IDS performance? Matt Bing (Apr 03)