From: Chris Grout (cgroutchrisgrout.com)
Date: Thu Jan 24 2002 - 19:15:34 CST

    I'm sure that this is something that needs to be implemented by the
    vendor. For Snort, if you daemonized it, do a 'kill -USR1 pid' and it
    will dump stats to syslog. If not daemonized, it will dump stats to the
    console. As for NFR, I know it does also send alerts anytime it begins to
    drop packets.

    Also keep in mind, it also REALLY depends on how many filters/signatures
    you are running. Vendor "A" may state one thing, but forget to mention
    that it's barely running any filters at all.

    At 07:53 AM 1/25/2002 +0800, Ken Pohniman wrote:
    > From what I understand, a NIDS can typically handle up to 40Mbps of traffic
    >at any one time before starting to drop packets aggressively. An IDS
    >Balancer, like that from TopLayer Networks, will be required, especially if
    >you're talking about a GE network.
    >
    >Btw, regardless of what tool you use, does anyone know how to check what is
    >the packet drop rate on the IDS?
    >
    >Thanks!
    >
    >-----Original Message-----
    >From: Chad Gough [mailto:chad131yahoo.com]
    >Sent: Thursday, January 24, 2002 11:27 PM
    >To: focus-idslists.securityfocus.com
    >Subject: Generating Traffic to Stress Test IDS
    >
    >
    >Does anyone know of any good tools that can generate a lot of network
    >traffic to see at what point an IDS starts dropping packets?
    >
    >Thanks,
    >Chad
    >
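
The drop-rate check discussed in the reply above (signal Snort with USR1, then read the counters from syslog), as an added example that is not part of the original thread. The syslog line format, the pidfile argument and the sample log lines are assumptions constructed for illustration; the wording of Snort's stats output differs between versions.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumption: the stats dump reaches syslog as lines like
#   "Snort received <N> packets" and "Dropped: <N>(<pct>%)"
# (exact wording differs between Snort versions; adjust the patterns).

# request_stats PIDFILE: ask a daemonized Snort to dump counters to syslog.
# The pidfile location is site-specific (hypothetical argument).
request_stats() {
    kill -USR1 "$(cat "$1")"
}

# drop_rate: read syslog text on stdin and print "<received> <dropped> <pct>"
# for the most recent stats dump. Returns 1 if no dump is present.
drop_rate() {
    awk '
        /Snort received [0-9]+ packets/ {
            for (i = 1; i < NF; i++) if ($i == "received") recv = $(i + 1)
            drop = ""                      # new dump: forget older counter
        }
        /Dropped:[ ]*[0-9]+/ {
            s = $0
            sub(/.*Dropped:[ ]*/, "", s)   # cut everything up to the count
            sub(/[^0-9].*/, "", s)         # cut "(pct%)" and anything after
            drop = s
        }
        END {
            if (recv == "") exit 1
            pct = (recv + 0 > 0) ? 100 * drop / recv : 0
            printf "%d %d %.3f\n", recv, drop, pct
        }'
}

# check_drops MAX_PCT: status 0 if the latest drop rate is <= MAX_PCT,
# 1 if it is higher, 2 if no stats dump was found on stdin.
check_drops() {
    stats=$(drop_rate) || return 2
    pct=${stats##* }
    awk -v t="$1" -v p="$pct" 'BEGIN { exit (p + 0 > t + 0) ? 1 : 0 }'
}

# Constructed sample syslog lines (two stats dumps; the second shows drops).
sample_log() {
    cat <<'EOF'
Jan 24 19:10:01 ids1 snort[412]: Snort received 100000 packets
Jan 24 19:10:01 ids1 snort[412]:     Dropped: 0(0.000%)
Jan 24 19:20:01 ids1 snort[412]: Snort received 200000 packets
Jan 24 19:20:01 ids1 snort[412]:     Dropped: 5000(2.500%)
EOF
}

sample_log | drop_rate
```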