Search /
Docfinder:

RESEARCH CENTERS

Applications
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.Business
Storage
WAN Services
Web/e-commerce
Wireless/Mobile

SITE RESOURCES

Daily News
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings

TODAY'S NEWS

•	Open source software ready for big business
•	First iPhone worm spreads Rick Astley wallpaper
•	Four reasons to buy (and one reason to avoid) the Droid
•	Stimulus for tech and telecom $3B, but jobs still guesswork
•	Cisco MARS shuts out new third-party security devices
•	Verizon Droid buzz muted in Boston
•	Week in Google news: Google Dashboard, Droid fever, focus on e-commerce
•	Cloud computing, virtualization proponents getting antsy
•	Data center start-up offers energy saving software
•
•	Vendors scrambling to fix bug in Net's security
•	Judge dismisses lawsuit challenging Gartner's Magic Quadrant
•	Cloud computing inevitable? Not so fast, educator says
•	Blue Coat slashes staff, buys S7 services company
•	More breaking news

Routers/Switches /

How we did it

By Betsy Yocom, Kevin Brown and Dan Van Derveer NETWORK WORLD GLOBAL TEST ALLIANCE MEMBERS
Network World, 12/18/00

Our test bed consisted of an "attacker" system running Red Hat 6.2; a router (also running Red Hat 6.2); a "victim" running Windows 98 SE, an Ixia 1600 Traffic Generator and Analyzer; and a Cisco Catalyst 6506 with a 48-port switch module and the Cisco Catalyst 6000 IDS Module running software Version 2.5(1) s1. We tested using the Cisco Catalyst Operating System Version 6.1(1a) and the Cisco Secure Policy Manager (CSPM) Version 2.2. Each device was connected directly to the Cisco Catalyst 6506 switch, except for the attacker, which was connected on a different subnet on the far side of the router.

Using an Ixia 1600 box to generate background traffic, we executed a number of attack scripts - one at a time - against the victim machine. We tested using denial-of-service attacks, including IIS Dot Dot DoS; access exploit attacks, such as IIS BAT Exe and Alibaba Attack; and a buffer overflow attack. We also selected attacks that would be directed at various operating systems (Solaris, Unix and Windows NT) and Web-server software (IIS and Apache). As attacks were occurring, we noted how quickly the Catalyst 6000 IDS Module detected the attack and recorded it on the CSPM console. We also measured the throughput of the cumulative traffic (background and attack traffic) passing through the Catalyst switch. All throughput measurements were based on 512-byte packets.

RELATED LINKS

Yocom is senior editor, Brown is test engineer of security products and Van Derveer is a lab test technician at Mier Communications, a strategic consulting and product test center in Princeton Junction, N.J. They can be reached at byocom@mier.com or kbrown@mier.com.

Review: Cisco offers wire-speed intrusion detection

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!

New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE

Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.

Click Here

alt text

Click Here

HOME

RESEARCH CENTERS

NEWS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.