Betting Sites Not On Gamstop UK 2025Betting Sites Not On GamstopCasino Not On GamstopBest Casinos Not On GamstopNon Gamstop Casinos UK

NSS Group logo

Content Based Test Results

Please note that the individual test results are not available on-line for this report.

If you wish to read these, they are available in the complete report, which is only available to purchase from our on-line store.

The report is offered as a PDF file on CD or for immediate download.

Click here to visit our on-line store.

Click here to return to the IPS Index Section

Certification Programs

Group Test Reports

White Papers

On-Line Store

Contact The NSS Group

Home

Sample Test Results

Section 1 - Detection Engine

Test 1.1 - Attack Recognition

Attacks

Default
ARRD

Default
ARRB

Custom
ARRD

Custom
ARRB

Test 1.1.1 - Backdoors

Test 1.1.2 - WINS/DNS

Test 1.1.3 - DOS

Test 1.1.4 - False negatives (modified exploits)

Test 1.1.5 - Finger

Test 1.1.6 - FTP

Test 1.1.7 - HTTP

Test 1.1.8 - ICMP

Test 1.1.9 - Reconnaissance

Test 1.1.10 - RPC

Test 1.1.11 - SSH

Test 1.1.12 - Telnet

Test 1.1.13 - Database

Test 1.1.14 - Mail

Test 1.1.15 - Voice

Total

Test 1.2 - Resistance to False Positives

Default

Custom

Test 1.2.1 - Suspicious FTP traffic

Test 1.2.2 - HTTP “exploit” using incorrect method

Test 1.2.3 - Retrieval of Web page containing “suspicious” URLs

Test 1.2.4 - Simple SMTP QUIT command

Test 1.2.5 - Normal NetBIOS copy of “suspicious” files

Test 1.2.6 - Normal NetBIOS traffic

Test 1.2.7 - POP3 e-mail containing “suspicious” URLs

Test 1.2.8 - POP3 e-mail with “suspicious” DLL attachment

Test 1.2.9 - POP3 e-mail with “suspicious” Web page attachment

Test 1.2.10 - SMTP e-mail transfer containing “suspicious” URLs

Test 1.2.11 - SMTP e-mail transfer with “suspicious” DLL attachment

Test 1.2.12 - SMTP e-mail transfer with “suspicious” Web page attachment

Test 1.2.13 - SNMP V3 packet with invalid parameter

Test 1.2.14 - Fake DNS /bin/sh buffer overflow

Test 1.2.15 - Inter-firewall communication traffic

Test 1.2.16 - Fake SQL Slammer traffic

Test 1.2.17 - File copy of GIF file (contains bytes which look like NOP sled)

Total Passed

Section 2 - IPS Evasion

Test 2.1 - Evasion Baselines

Detected?

Blocked?

Test 2.1.1 - NSS Back Orifice ping
Test 2.1.2 - Back Orifice connection
Test 2.1.3 - FTP CWD root
Test 2.1.4 - ISAPI printer overflow
Test 2.1.5 - Showmount export lists
Test 2.1.6 - Test CGI probe (/cgi-bin/test-cgi)
Test 2.1.7 - PHF remote command execution

Total

Test 2.2 - Packet Fragmentation/Stream Segmentation

Detected?

Decoded?

Blocked?

Test 2.2.1 - IP fragmentation - ordered 8 byte fragments

Test 2.2.2 - IP fragmentation - ordered 24 byte fragments

Test 2.2.3 - IP fragmentation - out of order 8 byte fragments

Test 2.2.4 - IP fragmentation - ordered 8 byte fragments, duplicate last packet


Test 2.2.5 - IP fragmentation - out of order 8 byte fragments, duplicate last packet

Test 2.2.6 - IP fragmentation - ordered 8 byte fragments, reorder fragments in reverse

Test 2.2.7 - IP fragmentation - ordered 16 byte fragments, fragment overlap (favour new)

Test 2.2.8 - IP fragmentation - ordered 16 byte fragments, fragment overlap (favour old)

Test 2.2.9 - TCP segmentation - ordered 1 byte segments, interleaved duplicate segments with invalid TCP checksums

Test 2.2.10 - TCP segmentation - ordered 1 byte segments, interleaved duplicate segments with null TCP control flags

Test 2.2.11 - TCP segmentation - ordered 1 byte segments, interleaved duplicate segments with requests to resync sequence nos. mid-stream

Test 2.2.12 - TCP segmentation - ordered 1 byte segments, duplicate last packet

Test 2.2.13 - TCP segmentation - ordered 2 byte segments, segment overlap (favour new)

Test 2.2.14 - TCP segmentation - ordered 1 byte segments, interleaved duplicate segments with out-of-window sequence numbers

Test 2.2.15 - TCP segmentation - out of order 1 byte segments

Test 2.2.16 - TCP segmentation - out of order 1 byte segments, interleaved duplicate segments with faked retransmits

Test 2.2.17 - TCP segmentation - ordered 1 byte segments, segment overlap (favour new)

Test 2.2.18 - TCP segmentation - out of order 1 byte segments, PAWS elimination (interleaved dup segments with older TCP timestamp options)

Test 2.2.19 - IP fragmentation - out of order 8 byte fragments, interleaved duplicate packets scheduled for later delivery

Test 2.2.20 - TCP segmentation - ordered 16 byte segments, segment overlap (favour new (Unix))

Total


Test 2.3 - URL Obfuscation

Detected?

Decoded?

Blocked?

Test 2.3.1 - URL encoding

Test 2.3.2 - /./ directory insertion

Test 2.3.3 - Premature URL ending

Test 2.3.4 - Long URL

Test 2.3.5 - Fake parameter

Test 2.3.6 - TAB separation

Test 2.3.7 - Case sensitivity

Test 2.3.8 - Windows \ delimiter

Test 2.3.9 - Session splicing

Total

Test 2.4 - Miscellaneous Obfuscation Techniques

Detected?

Decoded?

Blocked?

Test 2.4.1 - Altering default ports

Test 2.4.2 - Inserting spaces in FTP command lines

Test 2.4.3 - Inserting non-text Telnet opcodes in FTP data stream

Test 2.4.4 - Polymorphic mutation (ADMmutate)

Test 2.4.5 - Altering protocol and RPC PROC numbers

Test 2.4.6 - RPC record fragging (MS-RPC and Sun)

Test 2.4.7 - HTTP exploits to port <> 80

Total

Section 3 - Stateful Operation

Test 3.1 - Stateless Attack Replay

Alert?

Blocked?

Pass/Fail

Test 3.1.1 - Stateless Web exploits

Test 3.1.2 - Stateless FTP exploits

Test 3.2 - Simultaneous Open Connections (default settings)

Number of open connections

Test 3.2.1 - Attack Detection

Test 3.2.2 - Attack Blocking

Test 3.2.3 - State Preservation

Test 3.2.4 - Legitimate traffic blocking

Test 3.3 - Simultaneous Open Connections (after tuning)

Number of open connections

Test 3.3.1 - Attack Detection

Test 3.3.2 - Attack Blocking

Test 3.3.3 - State Preservation

Test 3.3.4 - Legitimate traffic blocking

Section 4 - Detection/Blocking Performance Under Load

Test 4.1 - UDP traffic to random valid ports

125Mbps

250Mbps

375Mbps

500Mbps

Max

Test 4.1.1 - 256 byte packet test - max 226,500pps

Test 4.1.2 - 550 byte packet test - max 110,000pps

Test 4.1.3 - 1514 byte packet test - max 61,000pps

Test 4.2 - HTTP “maximum stress” traffic with no transaction delays

125Mbps

250Mbps

375Mbps

500Mbps

Max

Test 4.2.1 - Max 1250 connections per second - ave packet size 1000 bytes - max 60,000 packets per second

Test 4.2.2 - Max 2500 connections per second - ave packet size 540 bytes - max 112,500 packets per second

Test 4.2.3 - Max 5000 connections per second - ave packet size 440 bytes - max 137,500 packets per second

Test 4.2.4 - Max 10000 connections per second - ave packet size 360 bytes - max 160,000 packets per second

Test 4.3 - HTTP “maximum stress” traffic with transaction delays

125Mbps

250Mbps

375Mbps

500Mbps

Max

Test 4.3.1 - Max 2500 connections per second - ave packet size 540 bytes - max 112,500 packets per second - 10 sec delay - max 25,000 open connections

Test 4.3.2 - Max 5000 connections per second - ave packet size 440 bytes - max 137,500 packets per second - 10 sec delay - max 50,000 open connections

Test 4.4 - Protocol mix

125Mbps

250Mbps

375Mbps

500Mbps

Max

Test 4.4.1 - 72% HTTP (540 byte packets) + 20% FTP + 6% UDP (256 byte packets). Max 2000 connections per second - ave packet size 540 bytes - max 107,500 packets per second - max 375 open connections

��


Test 4.5 - Real World traffic

125Mbps

250Mbps

375Mbps

500Mbps

Max

Test 4.5.1 - Pure HTTP (simulated browsing session on NSS Web site). Max 2350 connections per second - 10 new users per second - ave packet size 560 bytes - max 105,000 packets per second

Test 4.5.2 - Protocol mix - 72% HTTP (simulated browsing sessions as 2.5.1) + 20% FTP + 6% UDP (256 byte packets). Max 1850 connections per second - ave packet size 560 bytes - max 102,500 packets per second - max 750 open connections

Section 5 - Latency & User Response Times

Test 5.1 - Latency

Packet Size


125Mbps


250Mbps


375Mbps


500Mbps

Test 5.1.1 Average latency (�s) with no background traffic

Test 5.1.2 Average latency (�s) with background traffic (250Mbps HTTP traffic, max 1250 connections per second - ave packet size 540 bytes - max 56,250 packets per second)

Test 5.1.3 Average latency (�s) when under attack (50Mbps SYN flood (74,000cps))

Test 5.2 - User Response Times

Attempted Trans

Failed
Trans

Min Page Response

Max Page Response

Ave Page Response

Test 5.2.1 - Web page response (ms) with no background traffic (250Mbps HTTP traffic, max 1250 connections per sec - ave packet size 540 bytes - max 56,250 packets per sec)

Test 5.2.2 - Web page response (ms) when under attack (250Mbps HTTP traffic, max 1250 connections per sec - ave packet size 540 bytes - max 56,250 packets per sec PLUS 50Mbps SYN flood (74,000cps))

Section 6 - Stability & Reliability

Test ID

Result

Test 6.1.1 - Blocking Under Extended Attack

Test 6.1.2 - Passing legitimate traffic under extended attack

Test 6.1.3 - ISIC/ESIC/TCPSIC/UDPSIC/ICMPSIC

Section 7 - Management Interface

Test ID

Result

Test 7.1.1 - Open Ports

Test 7.1.2 - ISIC/ESIC/TCPSIC/UDPSIC/ICMPSIC

Test 7.1.3 - ISIC attacks detected against management interface?

Click here to return to the IPS Index Section

Top�������� Home

Send mail to webmaster with questions or�
comments about this web site.

Copyright � 1991-2006 The NSS Group Ltd.
All rights reserved.