IDS Test 1 � Attack Recognition

Attacks

Detected

Port scans

5

5

Denial of Service�

11

11

DDOS/Trojan

n/a

n/a

Web

1

1

FTP

1

1

SMTP

n/a

n/a

POP3

n/a

n/a

ICMP

n/a

n/a

Finger

n/a

n/a

Total

18

18

IDS Test 2 - Performance Under Load

0%

25%

50%

75%

100%

Small (64 byte) packet test (max 148,000pps)

100%

100%

100%

100%

100%

�Real world� packet test (max 57,000pps)

n/a

n/a

n/a

n/a

n/a

Large (1514 byte) packet test (max 8176pps)

n/a

n/a

n/a

n/a

n/a

IDS Test 3 - IDS Evasion Techniques

Attacks

Detected

Fragrouter

8

8

Whisker�

7

7

Total

15

15

IDS Test 4 - Stateful Operation

Attacks

Vulnerable?

Stick

n/a

n/a

Snot�

n/a

n/a

Notes:

1.���BlackICE Sentry was not re-tested for Edition 2, therefore a complete set of test results are not available. Tests that were not included in Edition 1 are marked as �n/a�

The only product in our tests to detect every single one of our attacks accurately (bear in mind it has not yet been tested against our Edition 2 test suite, however), it also managed 100 per cent detection rates at 100 per cent network loads with ease. Couple this with an extremely low CPU utilisation on the host, perfect fragmentation reassembly and resistance to IDS evasion techniques, and you have an outstanding product.

Note that NetworkICE was acquired by ISS earlier this year, and the BlackICE technology is in the process of being integrated into the RealSecure product line at the time of writing. We will be evaluating the fruits of that integration in the form of RealSecure 7 in Edition 3 of this report (testing begins Q1 2002).

Click here to return to the Network ICE Review
Click here to return to the Network ICE Questionnaire
Click here to return to the IDS Index Section

Send mail to webmaster with questions or�
comments about this web site.
Copyright � 1991-2002 The NSS Group.
All rights reserved.