IDS test tools and cool gigether device.

Peter Van Epp vanepp at
Fri May 26 15:21:13 EDT 2000

	A couple of interesting things that I have found out while arranging
for evals of a couple of commercial IDS products. First under
the "research" page has test tools (traffic and attack generator code) which
looks like a good bet. I'm in the process of buying a test setup (not only
for argus, but it will certainly do that) and will install this stuff on there
and play.

	As well when I was asking for a quote on NFR with the future move to
Gigether they pointed me at this lovely box (this harks back to our earlier
discussion about how we IDS a Gigether link on PC class machines). This should
do the trick by splitting the stream in to manageable chunks in 100baseT
ports (assuming of course your traffic mix allows that).

> NFR is currently working on adding hardware support for Gigabit.  The 
> problem though is the ability of the software to keep up.  The solution NFR 
> is recommending is to use a device made by a company called Toplayer.
> Toplayer produces the Appswitch which provides you with the ability to 
> switch traffic at the application level.  This give you the ability to 
> programmatically direct HTTP, FTP, SMTP, etc... to different ports on the 
> switch, where the traffic can subsequently be monitored by multiple 
> sensors.  This allows you to break down a larger stream into smaller more 
> manageable streams.  It addition, you get an added performance boost in 
> that each sensor is now only required to run a smaller subset of N-code.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

More information about the argus mailing list