From: Sten (s10) (stenipjam.com)
Date: Sun Mar 18 2001 - 14:26:03 CST


    Hi all,

    stick can be found at:

    http://www.8thport.com/projects8.html

    grtz,
    s10

    Fyodor wrote:
    >
    > FYI :)
    >
    > ----- Forwarded message from Greg Hoglund <hoglundclicktosecure.com> -----
    >
    > From: "Greg Hoglund" <hoglundclicktosecure.com>
    > Date: Sat, 17 Mar 2001 11:58:37 -0800
    > To: <HailstormUsersyahoogroups.com>
    > Subject: [HailstormUsers] stick -vs- Hailstorm
    > X-Mailer: Microsoft Outlook Express 5.50.4133.2400
    > Reply-To: HailstormUsersyahoogroups.com
    >
    > Heya,
    >
    > I was looking at the webpage for the tool called 'stick'. The website claims the tool will issue about 250 alarms/second to a RealSecure or Snort IDS system. I just thought it would be worth mentioning that our current release of Hailstorm can already do that - so if you want to test your IDS for load issues - you might try embedding some triggers into a Hailstorm pattern and setting the profile to repeat a few thousand times.
    >
    > On a performance note - our 1.1 release of Hailstorm includes a new checkpoint called 'packet multiplier' that, when used, can generate IDS triggers at about 7,500 times/second - actually loads the wire directly from the Hailstorm driver and avoids that nasty context-switch from user mode. That's a lot of packets and a lot of triggers - if this 'stick' tool can generate 250/second and apparently crash the IDS, imagine what Hailstorm will do. We are getting closer to our 1.1 release so any of you that have time might want to play around with the faster engine - I am curious to find out how much damage it does to your IDS systems.
    >
    > -Greg Hoglund
    > CTO, Click To Secure, Inc.
    > http://www.clicktosecure.com
    >
    > ----- End forwarded message -----
    >
    > --
    > http://www.notlsd.net
    > PGP fingerprint = 56DD 1511 DDDA 56D7 99C7 B288 5CE5 A713 0969 A4D1
    >
    > _______________________________________________
    > Snort-users mailing list
    > Snort-userslists.sourceforge.net
    > Go to this URL to change user options or unsubscribe:
    > http://lists.sourceforge.net/lists/listinfo/snort-users
    > Snort-users list archive:
    > http://www.geocrawler.com/redir-sf.php3?list=snort-users

    -- 
    

    It is impossible to make anything foolproof because fools are so ingenious
