CA eTrust Intrusion Detect v1.4.5
IDS Test 1 - Attack Recognition

| Attack type | Attacks | Detected |
|---|---|---|
| Port scans | 5 | 4 |
| Denial of Service | 11 | 10 |
| DDOS/Trojan | n/a | n/a |
| Web | 1 | 1 |
| FTP | 1 | 1 |
| SMTP | n/a | n/a |
| POP3 | n/a | n/a |
| ICMP | n/a | n/a |
| Finger | n/a | n/a |
| Total | 18 | 16 |

IDS Test 2 - Performance Under Load

| Test | 0% | 25% | 50% | 75% | 100% |
|---|---|---|---|---|---|
| Small (64 byte) packet test (max 148,000pps) | 100% | 100% | 100% | n/a (see note 1) | n/a (see note 1) |
| "Real world" packet test (max 57,000pps) | n/a | n/a | n/a | n/a | n/a |
| Large (1514 byte) packet test (max 8176pps) | n/a | n/a | n/a | n/a | n/a |

IDS Test 3 - IDS Evasion Techniques

| Tool | Attacks | Detected |
|---|---|---|
| Fragrouter | 8 | 8 |
| Whisker | 7 | 7 |
| Total | 15 | 15 |

IDS Test 4 - Stateful Operation

| Tool | Attacks | Vulnerable? |
|---|---|---|
| Stick | n/a | n/a |
| Snot | n/a | n/a |

Notes:

1. We were unable to obtain completely accurate alert counts at high network loads since eTrust suddenly began counting multiple alerts per attack. However, we did launch many individual attacks at both 75 and 100 per cent loads and eTrust detected all of them.
2. eTrust was not re-tested for Edition 2, therefore a complete set of test results is not available. Tests that were not included in Edition 1 are marked as "n/a".

There was a certain amount of misrepresentation of attacks in the eTrust alerts, but nothing too serious or inaccurate. We were disappointed to see it miss the FIN stealth port scan and the Land attack, but hopefully this will be remedied in a future signature update.

CA eTrust has excellent real-time alerting, so it is simple enough to see the attacks as they arrive in the alerting window, but there is no accurate count either in the real-time monitoring screens or via the reports. We attempted to count a reduced number of alerts manually, but this is still not possible at higher network loads, since there seems to be extensive event aggregation occurring, with no way to disable it. This meant we were unable to obtain completely accurate performance statistics for the high-volume attack tests.

eTrust did handle all IDS evasion techniques and packet reassembly with ease.