 |
|
|
Please note that the individual test results are not available on-line for this report. If you wish to read these, they are available in the complete report, which is only available to purchase from our on-line store. The report is offered as a spiral-bound print version, or as a PDF file on CD or for immediate download. Click here to visit our on-line store. Click here to return to the Gigabit IDS Index Section |
Sample Test Results
Section 1 - Detection Engine
|
Test 1.1 - Attack Recognition |
Attacks |
Default |
Custom |
|
Test 1.1.1 - Backdoors |
� | � | � |
|
Test 1.1.2 - WINS/DNS |
� | � | � |
|
Test 1.1.3 - DOS |
� | � | � |
|
Test 1.1.4 - False negatives (modified exploits) |
� | � | � |
|
Test 1.1.5 - Finger |
� | � | � |
|
Test 1.1.6 - FTP |
� | � | � |
|
Test 1.1.7 - HTTP |
� | � | � |
|
Test 1.1.8 - ICMP |
� | � | � |
|
Test 1.1.9 - Reconnaissance |
� | � | � |
|
Test 1.1.10 - RPC |
� | � | � |
|
Test 1.1.11 - SSH |
� | � | � |
|
Test 1.1.12 - Telnet |
� | � | � |
|
Test 1.1.13 - Database |
� | � | � |
|
Test 1.1.14 - Mail |
� | � | � |
|
Test 1.1.15 - Voice |
� | � | � |
|
Total |
� | � | � |
|
� |
� | � | � |
�
|
Test 1.2 - Resistance to False Positives |
Default |
Custom |
|
Test 1.2.1 - Suspicious FTP traffic |
� | � |
|
Test 1.2.2 - HTTP “exploit” using incorrect method |
� | � |
|
Test 1.2.3 - Retrieval of Web page containing “suspicious” URLs |
� | � |
|
Test 1.2.4 - Simple SMTP QUIT command |
� | � |
|
Test 1.2.5 - Normal NetBIOS copy of “suspicious” files |
� | � |
|
Test 1.2.6 - Normal NetBIOS traffic |
� | � |
|
Test 1.2.7 - POP3 e-mail containing “suspicious” URLs |
� | � |
|
Test 1.2.8 - POP3 e-mail with “suspicious” DLL attachment |
� | � |
|
Test 1.2.9 - POP3 e-mail with “suspicious” Web page attachment |
� | � |
|
Test 1.2.10 - SMTP e-mail transfer containing “suspicious” URLs |
� | � |
|
Test 1.2.11 - SMTP e-mail transfer with “suspicious” DLL attachment |
� | � |
|
Test 1.2.12 - SMTP e-mail transfer with “suspicious” Web page attachment |
� | � |
|
Test 1.2.13 - SNMP V3 packet with invalid parameter |
� | � |
|
Test 1.2.14 - Fake DNS /bin/sh buffer overflow |
� | � |
|
Test 1.2.15 - Inter-firewall communication traffic |
� | � |
|
Test 1.2.16 - Fake SQL Slammer traffic |
� | � |
|
Test 1.2.17 - File copy of GIF file (contains bytes which look like NOP sled) |
� | � |
|
Total Passed |
� | � |
Section 2 - IPS Evasion
|
Test 2.1 - Evasion Baselines |
Detected? |
|
Test 2.1.1 - NSS Back Orifice ping |
� |
|
Test 2.1.2 - Back Orifice connection |
� |
|
Test 2.1.3 - FTP CWD root |
� |
|
Test 2.1.4 - ISAPI printer overflow |
� |
|
Test 2.1.5 - Showmount export lists |
� |
|
Test 2.1.6 - Test CGI probe (/cgi-bin/test-cgi) |
� |
|
Test 2.1.7 - PHF remote command execution |
� |
|
Total |
� |
�
|
Test 2.2 - Packet Fragmentation/Stream Segmentation |
Detected? |
Decoded? |
|
Test 2.2.1 - IP fragmentation - ordered 8 byte fragments � |
� | � |
|
Test 2.2.2 - IP fragmentation - ordered 24 byte fragments � |
� | � |
|
Test 2.2.3 - IP fragmentation - out of order 8 byte fragments � |
� | � |
|
Test 2.2.4 - IP fragmentation - ordered 8 byte fragments, duplicate last packet � |
� | � |
|
� Test 2.2.5 - IP fragmentation - out of order 8 byte fragments, duplicate last packet � |
� | � |
|
� Test 2.2.6 - IP fragmentation - ordered 8 byte fragments, reorder fragments in reverse � |
� | � |
|
Test 2.2.7 - IP fragmentation - ordered 16 byte fragments, fragment overlap (favour new) � |
� | � |
|
Test 2.2.8 - IP fragmentation - ordered 16 byte fragments, fragment overlap (favour old) � |
� | � |
|
Test 2.2.9 - TCP segmentation - ordered 1 byte segments, interleaved duplicate segments with invalid TCP checksums |
� | � |
|
Test 2.2.10 - TCP segmentation - ordered 1 byte segments, interleaved duplicate segments with null TCP control flags |
� | � |
|
Test 2.2.11 - TCP segmentation - ordered 1 byte segments, interleaved duplicate segments with requests to resync sequence nos. mid-stream |
� | � |
|
Test 2.2.12 - TCP segmentation - ordered 1 byte segments, duplicate last packet � |
� | � |
|
Test 2.2.13 - TCP segmentation - ordered 2 byte segments, segment overlap (favour new) � |
� | � |
|
Test 2.2.14 - TCP segmentation - ordered 1 byte segments, interleaved duplicate segments with out-of-window sequence numbers |
� | � |
|
Test 2.2.15 - TCP segmentation - out of order 1 byte segments � |
� | � |
|
Test 2.2.16 - TCP segmentation - out of order 1 byte segments, interleaved duplicate segments with faked retransmits |
� | � |
|
Test 2.2.17 - TCP segmentation - ordered 1 byte segments, segment overlap (favour new) � |
� | � |
|
Test 2.2.18 - TCP segmentation - out of order 1 byte segments, PAWS elimination (interleaved dup segments with older TCP timestamp options) |
� | � |
|
Test 2.2.19 - IP fragmentation - out of order 8 byte fragments, interleaved duplicate packets scheduled for later delivery |
� | � |
|
Test 2.2.20 - TCP segmentation - ordered 16 byte segments, segment overlap (favour new (Unix)) |
� | � |
|
Total |
� | � |
�
|
� Test 2.3 - URL Obfuscation |
Detected? |
Decoded? |
|
Test 2.3.1 - URL encoding |
� | � |
|
Test 2.3.2 - /./ directory insertion |
� | � |
|
Test 2.3.3 - Premature URL ending |
� | � |
|
Test 2.3.4 - Long URL |
� | � |
|
Test 2.3.5 - Fake parameter |
� | � |
|
Test 2.3.6 - TAB separation |
� | � |
|
Test 2.3.7 - Case sensitivity |
� | � |
|
Test 2.3.8 - Windows \ delimiter |
� | � |
|
Test 2.3.9 - Session splicing |
� | � |
|
Total |
� | � |
�
|
Test 2.4 - Miscellaneous Obfuscation Techniques |
Detected? |
Decoded? |
|
Test 2.4.1 - Altering default ports |
� | � |
|
Test 2.4.2 - Inserting spaces in FTP command lines |
� | � |
|
Test 2.4.3 - Inserting non-text Telnet opcodes in FTP data stream |
� | � |
|
Test 2.4.4 - Polymorphic mutation (ADMmutate) |
� | � |
|
Test 2.4.5 - Altering protocol and RPC PROC numbers |
� | � |
|
Test 2.4.6 - RPC record fragging (MS-RPC and Sun) |
� | � |
|
Test 2.4.7 - HTTP exploits to port <> 80 |
� | � |
|
Total |
� | � |
Section 3 - Stateful Operation
|
Test 3.1 - Stateless Attack Replay |
Alert? |
Pass/Fail |
|
Test 3.1.1 - Stateless Web exploits |
� | � |
|
Test 3.1.2 - Stateless FTP exploits |
� | � |
�
|
Test 3.2 - Simultaneous Open Connections (default settings) |
|||||||
|
Number of open connections |
� | � | � | � | � | � | � |
|
Test 3.2.1 - Attack Detection |
� | � | � | � | � | � | � |
|
Test 3.2.2 - State Preservation |
� | � | � | � | � | � | � |
�
|
Test 3.3 - Simultaneous Open Connections (after tuning) |
|||||||
|
Number of open connections |
� | � | � | � | � | � | � |
|
Test 3.3.1 - Attack Detection |
� | � | � | � | � | � | � |
|
Test 3.3.2 - State Preservation |
� | � | � | � | � | � | � |
Section 4 - Detection/Blocking Performance Under Load
|
Test 4.1 - UDP traffic to random valid ports |
� 150Mbps |
� 300Mbps |
� 450Mbps |
� 600Mbps |
� Max |
|
Test 4.1.1 - 256 byte packet test - max 270,000pps |
� | � | � | � | � |
|
Test 4.1.2 - 550 byte packet test - max 132,000pps |
� | � | � | � | � |
|
Test 4.1.3 - 1000 byte packet test - max 73,000pps |
� | � | � | � | � |
�
|
Test 4.2 - HTTP “maximum stress” traffic with no transaction delays |
� 150Mbps |
� 300Mbps |
� 450Mbps |
� 600Mbps |
� Max |
|
Test 4.2.1 - Max 1500 connections per second - ave packet size 1000 bytes - max 73,000 packets per second |
� | � | � | � | � |
|
Test 4.2.2 - Max 3000 connections per second - ave packet size 540 bytes - max 135,000 packets per second |
� | � | � | � | � |
|
Test 4.2.3 - Max 6000 connections per second - ave packet size 440 bytes - max 165,000 packets per second |
� | � | � | � | � |
|
Test 4.2.4 - Max 12000 connections per second - ave packet size 360 bytes - max 198,000 packets per second |
� | � | � | � | � |
�
|
Test 4.3 - HTTP “maximum stress” traffic with transaction delays |
� 150Mbps |
� 300Mbps |
� 450Mbps |
� 600Mbps |
� Max |
|
Test 4.3.1 - Max 3000 connections per second - ave packet size 540 bytes - max 135,000 packets per second - 10 sec delay - max 50,000 open connections |
� | � | � | � | � |
|
Test 4.3.2 - Max 6000 connections per second - ave packet size 440 bytes - max 165,000 packets per second - 10 sec delay - max 50,000 open connections |
� | � | � | � | � |
�
|
Test 4.4 - Protocol mix |
150Mbps |
300Mbps |
450Mbps |
600Mbps |
Max |
|
Test 4.4.1 - 72% HTTP (540 byte packets) + 20% FTP + 6% UDP (256 byte packets). Max 2400 connections per second - ave packet size 540 bytes - max 129,000 packets per second - max 450 open connections |
� | � | � | � | � |
�
|
� Test 4.5 - Real World traffic |
150Mbps |
300Mbps |
450Mbps |
600Mbps |
Max |
|
Test 4.5.1 - Pure HTTP (simulated browsing session on NSS Web site). Max 2800 connections per second - 12 new users per second - ave packet size 560 bytes - max 126,000 packets per second |
� | � | � | � | � |
|
Test 4.5.2 - Protocol mix - 72% HTTP (simulated browsing sessions as 2.5.1) + 20% FTP + 6% UDP (256 byte packets). Max 2200 connections per second - ave packet size 560 bytes - max 123,000 packets per second - max 900 open connections |
� | � | � | � | � |
�Section 5 - Stability & Reliability
|
Test ID |
Result |
|
Test 5.1.1 - ISIC/ESIC/TCPSIC/UDPSIC/ICMPSIC |
� |
�Section 6 - Management Interface
|
Test ID |
Result |
|
Test 6.1.1 - Open Ports |
� |
|
Test 6.1.2 - ISIC/ESIC/TCPSIC/UDPSIC/ICMPSIC |
� |
|
Test 6.1.3 - ISIC attacks detected against management interface? |
� |
| � | Click here to return to the Gigabit IDS Index Section | � |
Send mail to webmaster
with questions or�
|