
Test Results

Please note that the individual test results are not available on-line for this report.

If you wish to read these, they are available in the complete report, which is only available to purchase from our on-line store.

The report is offered as a spiral-bound print version, or as a PDF file on CD or for immediate download.


Sample Test Results

Section 1 - Detection Engine

Test 1.1 - Attack Recognition

Attacks | Default ARR | Custom ARR

Test 1.1.1 - Backdoors

     

Test 1.1.2 - WINS/DNS

     

Test 1.1.3 - DOS

     

Test 1.1.4 - False negatives (modified exploits)

     

Test 1.1.5 - Finger

     

Test 1.1.6 - FTP

     

Test 1.1.7 - HTTP

     

Test 1.1.8 - ICMP

     

Test 1.1.9 - Reconnaissance

     

Test 1.1.10 - RPC

     

Test 1.1.11 - SSH

     

Test 1.1.12 - Telnet

     

Test 1.1.13 - Database

     

Test 1.1.14 - Mail

     

Test 1.1.15 - Voice

     

Total

     

 

     

 

Test 1.2 - Resistance to False Positives

Default | Custom

Test 1.2.1 - Suspicious FTP traffic

   

Test 1.2.2 - HTTP “exploit” using incorrect method

   

Test 1.2.3 - Retrieval of Web page containing “suspicious” URLs

   

Test 1.2.4 - Simple SMTP QUIT command

   

Test 1.2.5 - Normal NetBIOS copy of “suspicious” files

   

Test 1.2.6 - Normal NetBIOS traffic

   

Test 1.2.7 - POP3 e-mail containing “suspicious” URLs

   

Test 1.2.8 - POP3 e-mail with “suspicious” DLL attachment

   

Test 1.2.9 - POP3 e-mail with “suspicious” Web page attachment

   

Test 1.2.10 - SMTP e-mail transfer containing “suspicious” URLs

   

Test 1.2.11 - SMTP e-mail transfer with “suspicious” DLL attachment

   

Test 1.2.12 - SMTP e-mail transfer with “suspicious” Web page attachment

   

Test 1.2.13 - SNMP V3 packet with invalid parameter

   

Test 1.2.14 - Fake DNS /bin/sh buffer overflow

   

Test 1.2.15 - Inter-firewall communication traffic

   

Test 1.2.16 - Fake SQL Slammer traffic

   

Test 1.2.17 - File copy of GIF file (contains bytes which look like NOP sled)

   

Total Passed

   

Section 2 - IPS Evasion

Test 2.1 - Evasion Baselines

Detected?

Test 2.1.1 - NSS Back Orifice ping

 

Test 2.1.2 - Back Orifice connection

 

Test 2.1.3 - FTP CWD root

 

Test 2.1.4 - ISAPI printer overflow

 

Test 2.1.5 - Showmount export lists

 

Test 2.1.6 - Test CGI probe (/cgi-bin/test-cgi)

 

Test 2.1.7 - PHF remote command execution

 

Total

 

 

Test 2.2 - Packet Fragmentation/Stream Segmentation

Detected? | Decoded?

Test 2.2.1 - IP fragmentation - ordered 8 byte fragments

 

   

Test 2.2.2 - IP fragmentation - ordered 24 byte fragments

 

   

Test 2.2.3 - IP fragmentation - out of order 8 byte fragments

 

   

Test 2.2.4 - IP fragmentation - ordered 8 byte fragments, duplicate last packet

 

   

 

Test 2.2.5 - IP fragmentation - out of order 8 byte fragments, duplicate last packet

 

   

 

Test 2.2.6 - IP fragmentation - ordered 8 byte fragments, reorder fragments in reverse

 

   

Test 2.2.7 - IP fragmentation - ordered 16 byte fragments, fragment overlap (favour new)

 

   

Test 2.2.8 - IP fragmentation - ordered 16 byte fragments, fragment overlap (favour old)

 

   

Test 2.2.9 - TCP segmentation - ordered 1 byte segments, interleaved duplicate segments with invalid TCP checksums

   

Test 2.2.10 - TCP segmentation - ordered 1 byte segments, interleaved duplicate segments with null TCP control flags

   

Test 2.2.11 - TCP segmentation - ordered 1 byte segments, interleaved duplicate segments with requests to resync sequence nos. mid-stream

   

Test 2.2.12 - TCP segmentation - ordered 1 byte segments, duplicate last packet

 

   

Test 2.2.13 - TCP segmentation - ordered 2 byte segments, segment overlap (favour new)

 

   

Test 2.2.14 - TCP segmentation - ordered 1 byte segments, interleaved duplicate segments with out-of-window sequence numbers

   

Test 2.2.15 - TCP segmentation - out of order 1 byte segments

 

   

Test 2.2.16 - TCP segmentation - out of order 1 byte segments, interleaved duplicate segments with faked retransmits

   

Test 2.2.17 - TCP segmentation - ordered 1 byte segments, segment overlap (favour new)

 

   

Test 2.2.18 - TCP segmentation - out of order 1 byte segments, PAWS elimination (interleaved dup segments with older TCP timestamp options)

   

Test 2.2.19 - IP fragmentation - out of order 8 byte fragments, interleaved duplicate packets scheduled for later delivery

   

Test 2.2.20 - TCP segmentation - ordered 16 byte segments, segment overlap (favour new (Unix))

   

Total

   

 


 

Test 2.3 - URL Obfuscation

Detected? | Decoded?

Test 2.3.1 - URL encoding

   

Test 2.3.2 - /./ directory insertion

   

Test 2.3.3 - Premature URL ending

   

Test 2.3.4 - Long URL

   

Test 2.3.5 - Fake parameter

   

Test 2.3.6 - TAB separation

   

Test 2.3.7 - Case sensitivity

   

Test 2.3.8 - Windows \ delimiter

   

Test 2.3.9 - Session splicing

   

Total

   

 

Test 2.4 - Miscellaneous Obfuscation Techniques

Detected? | Decoded?

Test 2.4.1 - Altering default ports

   

Test 2.4.2 - Inserting spaces in FTP command lines

   

Test 2.4.3 - Inserting non-text Telnet opcodes in FTP data stream

   

Test 2.4.4 - Polymorphic mutation (ADMmutate)

   

Test 2.4.5 - Altering protocol and RPC PROC numbers

   

Test 2.4.6 - RPC record fragging (MS-RPC and Sun)

   

Test 2.4.7 - HTTP exploits to port <> 80

   

Total

   

Section 3 - Stateful Operation

Test 3.1 - Stateless Attack Replay

Alert? | Pass/Fail

Test 3.1.1 - Stateless Web exploits

   

Test 3.1.2 - Stateless FTP exploits

   

 

Test 3.2 - Simultaneous Open Connections (default settings)

Number of open connections

             

Test 3.2.1 - Attack Detection

             

Test 3.2.2 - State Preservation

             

 

Test 3.3 - Simultaneous Open Connections (after tuning)

Number of open connections

             

Test 3.3.1 - Attack Detection

             

Test 3.3.2 - State Preservation

             

Section 4 - Detection/Blocking Performance Under Load

Test 4.1 - UDP traffic to random valid ports

 

150Mbps | 300Mbps | 450Mbps | 600Mbps | Max

Test 4.1.1 - 256 byte packet test - max 270,000pps

         

Test 4.1.2 - 550 byte packet test - max 132,000pps

         

Test 4.1.3 - 1000 byte packet test - max 73,000pps

         

 

Test 4.2 - HTTP “maximum stress” traffic with no transaction delays

 

150Mbps | 300Mbps | 450Mbps | 600Mbps | Max

Test 4.2.1 - Max 1500 connections per second - ave packet size 1000 bytes - max 73,000 packets per second

         

Test 4.2.2 - Max 3000 connections per second - ave packet size 540 bytes - max 135,000 packets per second

         

Test 4.2.3 - Max 6000 connections per second - ave packet size 440 bytes - max 165,000 packets per second

         

Test 4.2.4 - Max 12000 connections per second - ave packet size 360 bytes - max 198,000 packets per second

         

 

Test 4.3 - HTTP “maximum stress” traffic with transaction delays

 

150Mbps | 300Mbps | 450Mbps | 600Mbps | Max

Test 4.3.1 - Max 3000 connections per second - ave packet size 540 bytes - max 135,000 packets per second - 10 sec delay - max 50,000 open connections

         

Test 4.3.2 - Max 6000 connections per second - ave packet size 440 bytes - max 165,000 packets per second - 10 sec delay - max 50,000 open connections

         

 

Test 4.4 - Protocol mix

150Mbps | 300Mbps | 450Mbps | 600Mbps | Max

Test 4.4.1 - 72% HTTP (540 byte packets) + 20% FTP + 6% UDP (256 byte packets). Max 2400 connections per second - ave packet size 540 bytes - max 129,000 packets per second - max 450 open connections

         

 


 

Test 4.5 - Real World traffic

150Mbps | 300Mbps | 450Mbps | 600Mbps | Max

Test 4.5.1 - Pure HTTP (simulated browsing session on NSS Web site). Max 2800 connections per second - 12 new users per second - ave packet size 560 bytes - max 126,000 packets per second

         

Test 4.5.2 - Protocol mix - 72% HTTP (simulated browsing sessions as 2.5.1) + 20% FTP + 6% UDP (256 byte packets). Max 2200 connections per second - ave packet size 560 bytes - max 123,000 packets per second - max 900 open connections

         

Section 5 - Stability & Reliability

Test ID | Result

Test 5.1.1 - ISIC/ESIC/TCPSIC/UDPSIC/ICMPSIC

 

Section 6 - Management Interface

Test ID | Result

Test 6.1.1 - Open Ports

 

Test 6.1.2 - ISIC/ESIC/TCPSIC/UDPSIC/ICMPSIC

 

Test 6.1.3 - ISIC attacks detected against management interface?

 

Copyright © 1991-2006 The NSS Group Ltd.
All rights reserved.