A network intrusion detection system (NIDS) is a computer security system that detects misuse of, attacks against, or compromise of computers connected to a network. A NIDS operates by passively examining network packets as they travel over the wire and alerting administrators when it sees something unusual or malicious. [1]
Network intrusion detection is still something of a black art - while it is intuitively easy to understand (analogies to burglar alarms, traffic speed traps, etc. abound), the implementation details are often overlooked. For example, in a seminal paper on network intrusion detection published last year, Ptacek and Newsham demonstrated that the vast majority of commercially available NIDSs are trivially defeated. Fundamental problems in passive monitoring of TCP/IP limit the ability of a NIDS to correctly determine what is actually happening at the endpoint of a traffic stream, and most NIDSs do nothing to correct for them. [2]
The goal of the nidsbench project is to provide better tools for evaluating NIDS products and to help standardize a testing methodology for the purpose of objective comparison. Other groups are already working toward the same goal - some industry magazines have their own security test labs (such as InfoWorld and DataComm), IDS shootouts are being featured at industry conferences, and a few research groups have made much headway in the areas of NIDS taxonomy, formal testing environments, reference network attack corpora, etc. [3]
Nidsbench includes the following programs to do this:
Nidsbench does not include a corpus of data to run tests with, nor does it specify a procedure or methodology to use in evaluating NIDSs. We hope that our software is useful to those looking for the tools to instrument such tests, but we have refrained from trying to specify how they should actually be conducted - the rest is up to you!
| File | Description | Supported Platforms |
|---|---|---|
| fragrouter-1.1.tar.gz | Fragrouter version 1.1 | BSD, Linux, others? |
| tcpreplay-1.0.1.tar.gz | Tcpreplay version 1.0.1 | BSD, Linux, Solaris, others? |

nidsbench@anzen.com | © 1999 Anzen Computing. All rights reserved.