IDS test tools and cool gigether device.
Peter Van Epp
vanepp at sfu.ca
Fri May 26 15:21:13 EDT 2000
A couple of interesting things that I have found out while arranging
for evals of a couple of commercial IDS products. First, www.anzen.com under
the "research" page has test tools (traffic and attack generator code) which
look like a good bet. I'm in the process of buying a test setup (not only
for argus, but it will certainly do that) and will install this stuff on there
and play.

http://ww.anzen.com/research/nidsbench/

As well, when I was asking for a quote on NFR with the future move to
Gigether they pointed me at this lovely box (this harks back to our earlier
discussion about how we IDS a Gigether link on PC class machines). This should
do the trick by splitting the stream into manageable chunks in 100baseT
ports (assuming of course your traffic mix allows that).

> NFR is currently working on adding hardware support for Gigabit. The
> problem though is the ability of the software to keep up. The solution NFR
> is recommending is to use a device made by a company called Toplayer.
>
> Toplayer produces the Appswitch which provides you with the ability to
> switch traffic at the application level. This gives you the ability to
> programmatically direct HTTP, FTP, SMTP, etc... to different ports on the
> switch, where the traffic can subsequently be monitored by multiple
> sensors. This allows you to break down a larger stream into smaller more
> manageable streams. In addition, you get an added performance boost in
> that each sensor is now only required to run a smaller subset of N-code.
>
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada