Test Results

Please note that the individual test results are not available on-line for this report.

If you wish to read these, they are available in the complete report, which is only available to purchase from our on-line store.

The report is offered as a spiral-bound print version, or as a PDF file on CD or for immediate download.

Click here to visit our on-line store.

Click here to return to the Gigabit IDS Index Section

Top Home

Certification Programs

Group Test Reports

White Papers

On-Line Store

Contact The NSS Group

Home

Sample Test Results

Section 1 - Detection Engine

Test 1.1 – Attack Recognition	Attacks	Default ARR	Custom ARR
Test 1.1.1 - Backdoors
Test 1.1.2 - WINS/DNS
Test 1.1.3 - DOS
Test 1.1.4 - False negatives (modified exploits)
Test 1.1.5 - Finger
Test 1.1.6 - FTP
Test 1.1.7 - HTTP
Test 1.1.8 - ICMP
Test 1.1.9 - Reconnaissance
Test 1.1.10 - RPC
Test 1.1.11 - SSH
Test 1.1.12 - Telnet
Test 1.1.13 - Database
Test 1.1.14 - Mail
Test 1.1.15 - Voice
Total

Test 1.2 – Resistance to False Positives	Default	Custom
Test 1.2.1 - Suspicious FTP traffic
Test 1.2.2 - HTTP “exploit” using incorrect method
Test 1.2.3 - Retrieval of Web page containing “suspicious” URLs
Test 1.2.4 - Simple SMTP QUIT command
Test 1.2.5 - Normal NetBIOS copy of “suspicious” files
Test 1.2.6 - Normal NetBIOS traffic
Test 1.2.7 - POP3 e-mail containing “suspicious” URLs
Test 1.2.8 - POP3 e-mail with “suspicious” DLL attachment
Test 1.2.9 - POP3 e-mail with “suspicious” Web page attachment
Test 1.2.10 - SMTP e-mail transfer containing “suspicious” URLs
Test 1.2.11 - SMTP e-mail transfer with “suspicious” DLL attachment
Test 1.2.12 - SMTP e-mail transfer with “suspicious” Web page attachment
Test 1.2.13 - SNMP V3 packet with invalid parameter
Test 1.2.14 - Fake DNS /bin/sh buffer overflow
Test 1.2.15 - Inter-firewall communication traffic
Test 1.2.16 - Fake SQL Slammer traffic
Test 1.2.17 - File copy of GIF file (contains bytes which look like NOP sled)
Total Passed

Section 2 - IPS Evasion

Test 2.1 – Evasion Baselines	Detected?
Test 2.1.1 - NSS Back Orifice ping
Test 2.1.2 - Back Orifice connection
Test 2.1.3 - FTP CWD root
Test 2.1.4 - ISAPI printer overflow
Test 2.1.5 - Showmount export lists
Test 2.1.6 - Test CGI probe (/cgi-bin/test-cgi)
Test 2.1.7 - PHF remote command execution
Total

Test 2.2 – Packet Fragmentation/Stream Segmentation	Detected?	Decoded?
Test 2.2.1 - IP fragmentation - ordered 8 byte fragments
Test 2.2.2 - IP fragmentation - ordered 24 byte fragments
Test 2.2.3 - IP fragmentation - out of order 8 byte fragments
Test 2.2.4 - IP fragmentation - ordered 8 byte fragments, duplicate last packet
Test 2.2.5 - IP fragmentation - out of order 8 byte fragments, duplicate last packet
Test 2.2.6 - IP fragmentation - ordered 8 byte fragments, reorder fragments in reverse
Test 2.2.7 - IP fragmentation - ordered 16 byte fragments, fragment overlap (favour new)
Test 2.2.8 - IP fragmentation - ordered 16 byte fragments, fragment overlap (favour old)
Test 2.2.9 - TCP segmentation - ordered 1 byte segments, interleaved duplicate segments with invalid TCP checksums
Test 2.2.10 - TCP segmentation - ordered 1 byte segments, interleaved duplicate segments with null TCP control flags
Test 2.2.11 - TCP segmentation - ordered 1 byte segments, interleaved duplicate segments with requests to resync sequence nos. mid-stream
Test 2.2.12 - TCP segmentation - ordered 1 byte segments, duplicate last packet
Test 2.2.13 - TCP segmentation - ordered 2 byte segments, segment overlap (favour new)
Test 2.2.14 - TCP segmentation - ordered 1 byte segments, interleaved duplicate segments with out-of-window sequence numbers
Test 2.2.15 - TCP segmentation - out of order 1 byte segments
Test 2.2.16 - TCP segmentation - out of order 1 byte segments, interleaved duplicate segments with faked retransmits
Test 2.2.17 - TCP segmentation - ordered 1 byte segments, segment overlap (favour new)
Test 2.2.18 - TCP segmentation - out of order 1 byte segments, PAWS elimination (interleaved dup segments with older TCP timestamp options)
Test 2.2.19 - IP fragmentation - out of order 8 byte fragments, interleaved duplicate packets scheduled for later delivery
Test 2.2.20 - TCP segmentation - ordered 16 byte segments, segment overlap (favour new (Unix))
Total

Test 2.3 – URL Obfuscation	Detected?	Decoded?
Test 2.3.1 - URL encoding
Test 2.3.2 - /./ directory insertion
Test 2.3.3 - Premature URL ending
Test 2.3.4 - Long URL
Test 2.3.5 - Fake parameter
Test 2.3.6 - TAB separation
Test 2.3.7 - Case sensitivity
Test 2.3.8 - Windows \ delimiter
Test 2.3.9 - Session splicing
Total

Test 2.4 – Miscellaneous Obfuscation Techniques	Detected?	Decoded?
Test 2.4.1 - Altering default ports
Test 2.4.2 - Inserting spaces in FTP command lines
Test 2.4.3 - Inserting non-text Telnet opcodes in FTP data stream
Test 2.4.4 - Polymorphic mutation (ADMmutate)
Test 2.4.5 - Altering protocol and RPC PROC numbers
Test 2.4.6 - RPC record fragging (MS-RPC and Sun)
Test 2.4.7 - HTTP exploits to port <> 80
Total

Section 3 - Stateful Operation

Test 3.1 – Stateless Attack Replay	Alert?	Pass/Fail
Test 3.1.1 - Stateless Web exploits
Test 3.1.2 - Stateless FTP exploits

Test 3.2 – Simultaneous Open Connections (default settings)
Number of open connections
Test 3.2.1 - Attack Detection
Test 3.2.2 - State Preservation

Test 3.3 – Simultaneous Open Connections (after tuning)
Number of open connections
Test 3.3.1 - Attack Detection
Test 3.3.2 - State Preservation

Section 4 - Detection/Blocking Performance Under Load

Test 4.1 – UDP traffic to random valid ports

150Mbps

300Mbps

450Mbps

600Mbps

Max

Test 4.1.1 - 256 byte packet test - max 270,000pps

Test 4.1.2 - 550 byte packet test - max 132,000pps