Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: SNORT Testing

from [Terry Vernon] Network Security [Permanent Link]
Subject: RE: SNORT Testing
Date: Thu, 2 Mar 2006 04:07:58 -0600 
I've been doing some benchmarking lately on snort packet loss and have found
great success using netstrain to load the line. I'm not looking at attack
detection right now as much as I am squeezing every last drip of performance
out.

What I do is start up 2 or 3 sets of netstrain, watch the system with "top",
then I start snort without -D and let it run for a bit before I ctrl+c it. I
check the dropped packets percentage and modify things trying to get it
smaller and smaller. I keep an eye on top to make sure the system isn't
loading abnormally. I also watch the speeds in netstrain for slow or spiked
traffic. It's not an exact method but works for me and is a fun way to kill
time.

I imagine once I'm satisfied or I reach the limit I will more than likely
load the network as before and start sending exploits, various scanning,
etc... That's how I test snort without spending a dime.

-Terry

-----Original Message-----
From: Byron Sonne [mailto:blsonne@rogers.com] 
Sent: Wednesday, March 01, 2006 8:56 PM
To: focus-ids@securityfocus.com
Subject: Re: SNORT Testing


The tools that come to mind for me are 'stick' and 'snot':
http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0096.html


Folks... I never said they were good tools!

As far as I'm concerned, the only test that matters is a real world one. 
Every network is different, sometimes radically, and I don't see much of 
a point trying to generalize these kinds of things with a test suite.

Artificial tests give you artificial results.

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: SNORT Testing, Eric Hines
Next by Date:  Re: IDS Analyst skill set, Eric Grejda
Previous by Thread:  Re: SNORT Testing, Byron Sonne
Next by Thread:  Re: SNORT Testing, Stefano Zanero
Indexes:  [Date] [Thread] [Top] [All Lists]