Attacks we performed and performance of IDS products tested
Network World, 10/08/01
Attacks we performed

| Name | Type of Attack | Method |
|---|---|---|
| Ping Flood | Denial of Service (DoS) | Flooding |
| Targa3 | DoS | Flooding |
| Jolt2 | DoS | Fragmentation, flooding |
| Synflood | DoS | Flooding |
| UDP Flood | DoS | Flooding |
| w00f | DoS | Buffer overflow |
| finger bomb | DoS | Buffer overflow |
| SMTP wiz backdoor | Surveillance | Surveillance (probes) |
| SMTP VRFY | Surveillance | Surveillance (probes) |
| SMTP EXPN overflow | DoS | Buffer overflow |
| POP3 login overflow | DoS | Buffer overflow |
| iquery Bind exploit | DoS | Buffer overflow |
| Bind 8 Transaction Signatures | Remote to Local (R2L) | Buffer overflow |
| IIS 5.0 Visual Studio RAD Support (fp30reg.dll) | R2L | Buffer overflow |
| IIS 5.0 IPP ISAPI 'Host:' | DoS | Buffer overflow |
| MS and Indexing Service ISAPI Extension (idq.dll) | DoS | Buffer overflow |
| IIS 5.0 IPP ISAPI 'Host:' (Jill) | DoS | Buffer overflow |
| IIS 4.0 ISAPI (Teso Crew) | DoS | Buffer overflow |
| Telnet Password Brute Force Vulnerability | R2L | Brute force password cracker |
| Nmap | Surveillance | Port scanner |
| Nmap (SYN stealth) | Surveillance | Port scanner |
| Superscan | Surveillance | Port scanner |
| Netbus | R2L | Trojan Horse |
| BackOrifice 2K | R2L | Trojan Horse |
| BackOrifice 2K (on a non-standard port) | R2L | Trojan Horse |
| Stick | IDS evasion | Signature spoofing |
| Whisker | IDS evasion | Signature encoding, CGI exploits |

Performance of IDS products tested

| Test | Cisco | Computer Associates | Enterasys | Intrusion.com | ISS |
|---|---|---|---|---|---|
| No-load: Attacks detected out of 27 delivered (% success) | 21 (78%) | 24 (89%) | 24 (89%) | 25 (93%) | 24 (89%) |
| Stress tests | | | | | |
| 40M bit/sec load * | 19 of 21 (90%) | 23 of 24 (96%) | 24 of 24 (100%) | 20 of 25 (80%) | 22 of 24 (92%) |
| 60M bit/sec load * | 19 of 21 (90%) | 22 of 24 (92%) | 24 of 24 (100%) | 16 of 25 (64%) | 22 of 24 (92%) |
| 90M bit/sec load * | 19 of 21 (90%) | 19 of 24 (79%) | 21 of 24 (88%) | 4 of 25 (16%) | 17 of 24 (71%) |
| Stress tests if 27 used | | | | | |
| 40M bit/sec | 19 of 27 (70%) | 23 of 27 (85%) | 24 of 27 (89%) | 20 of 27 (74%) | 22 of 27 (81%) |
| 60M bit/sec | 19 of 27 (70%) | 22 of 27 (81%) | 24 of 27 (89%) | 16 of 27 (59%) | 22 of 27 (81%) |
| 90M bit/sec | 19 of 27 (70%) | 19 of 27 (70%) | 21 of 27 (78%) | 4 of 27 (15%) | 17 of 27 (63%) |

* If an attack was not detected in the "no load" test, it was eliminated in the stress tests.