[Snort-users] [hoglund at ...1182...: [HailstormUsers] stick -vs- Hailstorm]

Sten (s10) sten at ...6...
Sun Mar 18 15:26:03 EST 2001


Hi all,

stick can be found at:

http://www.8thport.com/projects8.html

grtz,
s10

Fyodor wrote:
> 
> FYI :)
> 
> ----- Forwarded message from Greg Hoglund <hoglund at ...1182...> -----
> 
> From: "Greg Hoglund" <hoglund at ...1182...>
> Date: Sat, 17 Mar 2001 11:58:37 -0800
> To: <HailstormUsers at ...1601...>
> Subject: [HailstormUsers] stick -vs- Hailstorm
> X-Mailer: Microsoft Outlook Express 5.50.4133.2400
> Reply-To: HailstormUsers at ...1601...
> 
> Heya,
> 
> I was looking at the webpage for the tool called 'stick'.  The website claims the tool will issue about 250 alarms/second to a RealSecure or Snort IDS system.  I just thought it would be worth mentioning that our current release of Hailstorm can already do that - so if you want to test your IDS for load issues - you might try embedding some triggers into a Hailstorm pattern and setting the profile to repeat a few thousand times.
> 
> On a performance note - our 1.1 release of Hailstorm includes a new checkpoint called 'packet multiplier' that, when used, can generate IDS triggers at about 7,500 times/second - actually loads the wire directly from the Hailstorm driver and avoids that nasty context-switch from user mode.  That's a lot of packets and a lot of triggers - if this 'stick' tool can generate 250/second and apparently crash the IDS, imagine what Hailstorm will do.  We are getting closer to our 1.1 release so any of you that have time might want to play around with the faster engine - I am curious to find out how much damage it does to your IDS systems.
> 
> -Greg Hoglund
> CTO, Click To Secure, Inc.
> http://www.clicktosecure.com
> 
> ----- End forwarded message -----
> 
> --
> http://www.notlsd.net
> PGP fingerprint = 56DD 1511 DDDA 56D7 99C7  B288 5CE5 A713 0969 A4D1

-- 

It is impossible to make anything foolproof because fools are so
ingenious



