|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Fyodor (fygrave
tigerteam.net)Date: Sun Mar 18 2001 - 06:58:16 CST
FYI :)
----- Forwarded message from Greg Hoglund <hoglundclicktosecure.com> -----
From: "Greg Hoglund" <hoglundclicktosecure.com>
Date: Sat, 17 Mar 2001 11:58:37 -0800
To: <HailstormUsersyahoogroups.com>
Subject: [HailstormUsers] stick -vs- Hailstorm
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
Reply-To: HailstormUsersyahoogroups.com
Heya,
I was looking at the webpage for the tool called 'stick'. The website claims the tool will issue about 250 alarms/second to a RealSecure or Snort IDS system. I just thought it would be worth mentioning that our current release of Hailstorm can already do that - so if you want to test your IDS for load issues - you might try embedding some triggers into a Hailstorm pattern and setting the profile to repeat a few thousand times.
On a performance note - our 1.1 release of Hailstorm includes a new checkpoint called 'packet multiplier' that, when used, can generate IDS triggers at about 7,500 times/second - actually loads the wire directly from the Hailstorm driver and avoids that nasty context-switch from user mode. That's alot of packets and alot of triggers - if this 'stick' tool can generate 250/second and apparently crash the IDS, imagine what Hailstorm will do. We are getting closer to our 1.1 release so any of you that have time might want to play around with the faster engine - I am curious to find out how much damage it does to your IDS systems.
-Greg Hoglund
CTO, Click To Secure, Inc.
http://www.clicktosecure.com
----- End forwarded message -----
-- http://www.notlsd.net PGP fingerprint = 56DD 1511 DDDA 56D7 99C7 B288 5CE5 A713 0969 A4D1_______________________________________________ Snort-users mailing list Snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]