 |
|
|
Content Based Test Results Please note that the individual test results are not available on-line for this report. If you wish to read these, they are available in the complete report, which is only available to purchase from our on-line store. The report is offered as a PDF file on CD or for immediate download. Click here to visit our on-line store. Click here to return to the IPS Index Section |
Sample Test Results
Section 1 - Detection Engine
|
Test 1.1 - Attack Recognition |
Attacks |
Default |
Default |
Custom |
Custom |
|
Test 1.1.1 - Backdoors |
|||||
|
Test 1.1.2 - WINS/DNS |
|||||
|
Test 1.1.3 - DOS |
|||||
|
Test 1.1.4 - False negatives (modified exploits) |
|||||
|
Test 1.1.5 - Finger |
|||||
|
Test 1.1.6 - FTP |
|||||
|
Test 1.1.7 - HTTP |
|||||
|
Test 1.1.8 - ICMP |
|||||
|
Test 1.1.9 - Reconnaissance |
|||||
|
Test 1.1.10 - RPC |
|||||
|
Test 1.1.11 - SSH |
|||||
|
Test 1.1.12 - Telnet |
|||||
|
Test 1.1.13 - Database |
|||||
|
Test 1.1.14 - Mail |
|||||
|
Test 1.1.15 - Voice |
|||||
|
Total |
|||||
|
|
|
Test 1.2 - Resistance to False Positives |
Default |
Custom |
|
Test 1.2.1 - Suspicious FTP traffic |
||
|
Test 1.2.2 - HTTP “exploit” using incorrect method |
||
|
Test 1.2.3 - Retrieval of Web page containing “suspicious” URLs |
||
|
Test 1.2.4 - Simple SMTP QUIT command |
||
|
Test 1.2.5 - Normal NetBIOS copy of “suspicious” files |
||
|
Test 1.2.6 - Normal NetBIOS traffic |
||
|
Test 1.2.7 - POP3 e-mail containing “suspicious” URLs |
||
|
Test 1.2.8 - POP3 e-mail with “suspicious” DLL attachment |
||
|
Test 1.2.9 - POP3 e-mail with “suspicious” Web page attachment |
||
|
Test 1.2.10 - SMTP e-mail transfer containing “suspicious” URLs |
||
|
Test 1.2.11 - SMTP e-mail transfer with “suspicious” DLL attachment |
||
|
Test 1.2.12 - SMTP e-mail transfer with “suspicious” Web page attachment |
||
|
Test 1.2.13 - SNMP V3 packet with invalid parameter |
||
|
Test 1.2.14 - Fake DNS /bin/sh buffer overflow |
||
|
Test 1.2.15 - Inter-firewall communication traffic |
||
|
Test 1.2.16 - Fake SQL Slammer traffic |
||
|
Test 1.2.17 - File copy of GIF file (contains bytes which look like NOP sled) |
||
|
Total Passed |
Section 2 - IPS Evasion
|
Test 2.1 - Evasion Baselines |
Detected? |
Blocked? |
| Test 2.1.1 - NSS Back Orifice ping | ||
| Test 2.1.2 - Back Orifice connection | ||
| Test 2.1.3 - FTP CWD root | ||
| Test 2.1.4 - ISAPI printer overflow | ||
| Test 2.1.5 - Showmount export lists | ||
| Test 2.1.6 - Test CGI probe (/cgi-bin/test-cgi) | ||
| Test 2.1.7 - PHF remote command execution | ||
|
Total |
|
Test 2.2 - Packet Fragmentation/Stream Segmentation |
Detected? |
Decoded? |
Blocked? |
|
Test 2.2.1 - IP fragmentation - ordered 8 byte fragments
|
|||
|
Test 2.2.2 - IP fragmentation - ordered 24 byte fragments
|
|||
|
Test 2.2.3 - IP fragmentation - out of order 8 byte fragments
|
|||
|
Test 2.2.4 - IP fragmentation - ordered 8 byte fragments, duplicate last packet |
|||
|
Test 2.2.5 - IP fragmentation - out of order 8 byte fragments, duplicate last packet |
|||
|
Test 2.2.6 - IP fragmentation - ordered 8 byte fragments, reorder fragments in reverse |
|||
|
Test 2.2.7 - IP fragmentation - ordered 16 byte fragments, fragment overlap (favour new) |
|||
|
Test 2.2.8 - IP fragmentation - ordered 16 byte fragments, fragment overlap (favour old) |
|||
|
Test 2.2.9 - TCP segmentation - ordered 1 byte segments, interleaved duplicate segments with invalid TCP checksums |
|||
|
Test 2.2.10 - TCP segmentation - ordered 1 byte segments, interleaved duplicate segments with null TCP control flags |
|||
|
Test 2.2.11 - TCP segmentation - ordered 1 byte segments, interleaved duplicate segments with requests to resync sequence nos. mid-stream |
|||
|
Test 2.2.12 - TCP segmentation - ordered 1 byte segments, duplicate last packet |
|||
|
Test 2.2.13 - TCP segmentation - ordered 2 byte segments, segment overlap (favour new) |
|||
|
Test 2.2.14 - TCP segmentation - ordered 1 byte segments, interleaved duplicate segments with out-of-window sequence numbers |
|||
|
Test 2.2.15 - TCP segmentation - out of order 1 byte segments
|
|||
|
Test 2.2.16 - TCP segmentation - out of order 1 byte segments, interleaved duplicate segments with faked retransmits |
|||
|
Test 2.2.17 - TCP segmentation - ordered 1 byte segments, segment overlap (favour new) |
|||
|
Test 2.2.18 - TCP segmentation - out of order 1 byte segments, PAWS elimination (interleaved dup segments with older TCP timestamp options) |
|||
|
Test 2.2.19 - IP fragmentation - out of order 8 byte fragments, interleaved duplicate packets scheduled for later delivery |
|||
|
Test 2.2.20 - TCP segmentation - ordered 16 byte segments, segment overlap (favour new (Unix)) |
|||
|
Total |
|
Test 2.3 - URL Obfuscation |
Detected? |
Decoded? |
Blocked? |
|
Test 2.3.1 - URL encoding |
|||
|
Test 2.3.2 - /./ directory insertion |
|||
|
Test 2.3.3 - Premature URL ending |
|||
|
Test 2.3.4 - Long URL |
|||
|
Test 2.3.5 - Fake parameter |
|||
|
Test 2.3.6 - TAB separation |
|||
|
Test 2.3.7 - Case sensitivity |
|||
|
Test 2.3.8 - Windows \ delimiter |
|||
|
Test 2.3.9 - Session splicing |
|||
|
Total |
|
Test 2.4 - Miscellaneous Obfuscation Techniques |
Detected? |
Decoded? |
Blocked? |
|
Test 2.4.1 - Altering default ports |
|||
|
Test 2.4.2 - Inserting spaces in FTP command lines |
|||
|
Test 2.4.3 - Inserting non-text Telnet opcodes in FTP data stream |
|||
|
Test 2.4.4 - Polymorphic mutation (ADMmutate) |
|||
|
Test 2.4.5 - Altering protocol and RPC PROC numbers |
|||
|
Test 2.4.6 - RPC record fragging (MS-RPC and Sun) |
|||
|
Test 2.4.7 - HTTP exploits to port <> 80 |
|||
|
Total |
Section 3 - Stateful Operation
|
Test 3.1 - Stateless Attack Replay |
Alert? |
Blocked? |
Pass/Fail |
|
Test 3.1.1 - Stateless Web exploits |
|||
|
Test 3.1.2 - Stateless FTP exploits |
|
Test 3.2 - Simultaneous Open Connections (default settings) |
|||||||
|
Number of open connections |
|||||||
|
Test 3.2.1 - Attack Detection |
|||||||
|
Test 3.2.2 - Attack Blocking |
|||||||
|
Test 3.2.3 - State Preservation |
|||||||
|
Test 3.2.4 - Legitimate traffic blocking |
|||||||
|
Test 3.3 - Simultaneous Open Connections (after tuning) |
|||||||
|
Number of open connections |
|||||||
|
Test 3.3.1 - Attack Detection |
|||||||
|
Test 3.3.2 - Attack Blocking |
|||||||
|
Test 3.3.3 - State Preservation |
|||||||
|
Test 3.3.4 - Legitimate traffic blocking |
|||||||
Section 4 - Detection/Blocking Performance Under Load
|
Test 4.1 - UDP traffic to random valid ports |
|
125Mbps |
250Mbps |
375Mbps |
500Mbps |
Max |
|
Test 4.1.1 - 256 byte packet test - max 226,500pps |
||||||
|
Test 4.1.2 - 550 byte packet test - max 110,000pps |
||||||
|
Test 4.1.3 - 1514 byte packet test - max 61,000pps |
||||||
|
Test 4.2 - HTTP “maximum stress” traffic with no transaction delays |
|
125Mbps |
250Mbps |
375Mbps |
500Mbps |
Max |
|
Test 4.2.1 - Max 1250 connections per second - ave packet size 1000 bytes - max 60,000 packets per second |
||||||
|
Test 4.2.2 - Max 2500 connections per second - ave packet size 540 bytes - max 112,500 packets per second |
||||||
|
Test 4.2.3 - Max 5000 connections per second - ave packet size 440 bytes - max 137,500 packets per second |
||||||
|
Test 4.2.4 - Max 10000 connections per second - ave packet size 360 bytes - max 160,000 packets per second |
||||||
|
Test 4.3 - HTTP “maximum stress” traffic with transaction delays |
|
125Mbps |
250Mbps |
375Mbps |
500Mbps |
Max |
|
Test 4.3.1 - Max 2500 connections per second - ave packet size 540 bytes - max 112,500 packets per second - 10 sec delay - max 25,000 open connections |
||||||
|
Test 4.3.2 - Max 5000 connections per second - ave packet size 440 bytes - max 137,500 packets per second - 10 sec delay - max 50,000 open connections |
||||||
|
Test 4.4 - Protocol mix |
|
125Mbps |
250Mbps |
375Mbps |
500Mbps |
Max |
|
Test 4.4.1 - 72% HTTP (540 byte packets) + 20% FTP + 6% UDP (256 byte packets). Max 2000 connections per second - ave packet size 540 bytes - max 107,500 packets per second - max 375 open connections |
||||||
|
Test 4.5 - Real World traffic |
|
125Mbps |
250Mbps |
375Mbps |
500Mbps |
Max |
|
Test 4.5.1 - Pure HTTP (simulated browsing session on NSS Web site). Max 2350 connections per second - 10 new users per second - ave packet size 560 bytes - max 105,000 packets per second |
||||||
|
Test 4.5.2 - Protocol mix - 72% HTTP (simulated browsing sessions as 2.5.1) + 20% FTP + 6% UDP (256 byte packets). Max 1850 connections per second - ave packet size 560 bytes - max 102,500 packets per second - max 750 open connections |
||||||
Section 5 - Latency & User Response Times
|
Test 5.1 - Latency |
Packet Size |
|
|
|
|
|
Test 5.1.1 Average latency (�s) with no background traffic |
|||||
|
Test 5.1.2 Average latency (�s) with background traffic (250Mbps HTTP traffic, max 1250 connections per second - ave packet size 540 bytes - max 56,250 packets per second) |
|
|
|
||
|
|
|
|
|||
|
|
|
|
|||
|
Test 5.1.3 Average latency (�s) when under attack (50Mbps SYN flood (74,000cps)) |
|
|
|
||
|
|
|
|
|||
|
|
|
|
|
Test 5.2 - User Response Times |
Attempted Trans |
Failed |
Min Page Response |
Max Page Response |
Ave Page Response |
|
Test 5.2.1 - Web page response (ms) with no background traffic (250Mbps HTTP traffic, max 1250 connections per sec - ave packet size 540 bytes - max 56,250 packets per sec) |
|||||
|
Test 5.2.2 - Web page response (ms) when under attack (250Mbps HTTP traffic, max 1250 connections per sec - ave packet size 540 bytes - max 56,250 packets per sec PLUS 50Mbps SYN flood (74,000cps)) |
Section 6 - Stability & Reliability
|
Test ID |
Result |
| Test 6.1.1 - Blocking Under Extended Attack | |
|
Test 6.1.2 - Passing legitimate traffic under extended attack |
|
|
Test 6.1.3 - ISIC/ESIC/TCPSIC/UDPSIC/ICMPSIC |
Section 7 - Management Interface
|
Test ID |
Result |
| Test 7.1.1 - Open Ports | |
|
Test 7.1.2 - ISIC/ESIC/TCPSIC/UDPSIC/ICMPSIC |
|
|
Test 7.1.3 - ISIC attacks detected against management interface? |
Click here to return to the IPS Index Section
Send mail to webmaster
with questions or
|