IDS mailing list archives

Re: Intrusion Detection Evaluation Datasets

From: Damiano Bolzoni <damiano.bolzoni () utwente nl>
Date: Thu, 19 Mar 2009 22:14:22 +0100

On 19/03/2009 19.47, Stefano Zanero wrote:

I just didn't agree on the specific example raised by Damiano, as I
don't see it happening anywhere in a real attack.


Stuart, Stefano, the example is real :)

Once I obfuscate some details, I can provide you the traces. We havebeen also trying to understand why somebody would do such a stupid"attack" (as also Stefano pointed out, it's only to consume resources,whatever they are). As I said, few requests per second do no affect theweb server performance, but looking at the number of hosts involved,it's clear the attacker can easily raise the bar.


--
Damiano Bolzoni

damiano.bolzoni () utwente nl
Homepage http://dies.ewi.utwente.nl/~bolzonid/
PGP public key http://dies.ewi.utwente.nl/~bolzonid/public_key.asc
Skype ID: damiano.bolzoni () utwente nl

Distributed and Embedded Security Group - University of Twente
P.O. Box 217 7500AE Enschede, The Netherlands
Phone +31 53 4892477
Mobile +31 629 008724
ZILVERLING building, room 3013

Current thread:

Re: Intrusion Detection Evaluation Datasets, (continued)
- - - Re: Intrusion Detection Evaluation Datasets Paul Schmehl (Mar 17)
    - Re: Intrusion Detection Evaluation Datasets Damiano Bolzoni (Mar 17)
    - Re: Intrusion Detection Evaluation Datasets Paul Schmehl (Mar 18)
    - Re: Intrusion Detection Evaluation Datasets Seth Hall (Mar 18)
    - Re: Intrusion Detection Evaluation Datasets Damiano Bolzoni (Mar 18)
    - Re: Intrusion Detection Evaluation Datasets Stefano Zanero (Mar 18)
    - Re: Intrusion Detection Evaluation Datasets Damiano Bolzoni (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Stefano Zanero (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Stuart Staniford (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Stefano Zanero (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Damiano Bolzoni (Mar 20)
    - Re: Intrusion Detection Evaluation Datasets Seth Hall (Mar 20)
    - Re: Intrusion Detection Evaluation Datasets Paul Schmehl (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Joel Esler (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Paul Schmehl (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Joel Esler (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Ravi Chunduru (Mar 20)
    - Re: Intrusion Detection Evaluation Datasets Seth Hall (Mar 20)
    - Re: Intrusion Detection Evaluation Datasets Paul Schmehl (Mar 18)
    - Re: Intrusion Detection Evaluation Datasets Martin Roesch (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Damiano Bolzoni (Mar 19)

(Thread continues...)