[Snort-users] [hoglund at ...1182...: [HailstormUsers] stick -vs- Hailstorm]

Fyodor fygrave at ...121...
Sun Mar 18 07:58:16 EST 2001

FYI :)

----- Forwarded message from Greg Hoglund <hoglund at ...1182...> -----

From: "Greg Hoglund" <hoglund at ...1182...>
Date: Sat, 17 Mar 2001 11:58:37 -0800
To: <HailstormUsers at ...1601...>
Subject: [HailstormUsers] stick -vs- Hailstorm
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
Reply-To: HailstormUsers at ...1601...


I was looking at the webpage for the tool called 'stick'.  The website claims the tool will issue about 250 alarms/second to a RealSecure or Snort IDS system.  I just thought it would be worth mentioning that our current release of Hailstorm can already do that - so if you want to test your IDS for load issues - you might try embedding some triggers into a Hailstorm pattern and setting the profile to repeat a few thousand times.   

On a performance note - our 1.1 release of Hailstorm includes a new checkpoint called 'packet multiplier' that, when used, can generate IDS triggers at about 7,500 times/second - actually loads the wire directly from the Hailstorm driver and avoids that nasty context-switch from user mode.  That's a lot of packets and a lot of triggers - if this 'stick' tool can generate 250/second and apparently crash the IDS, imagine what Hailstorm will do.  We are getting closer to our 1.1 release so any of you that have time might want to play around with the faster engine - I am curious to find out how much damage it does to your IDS systems.

-Greg Hoglund
CTO, Click To Secure, Inc.

----- End forwarded message -----

PGP fingerprint = 56DD 1511 DDDA 56D7 99C7  B288 5CE5 A713 0969 A4D1
