test environment:
1 CAW webreflector+webavalanche 1000M module;
2 real http connection to get 512k byte web
page;
3 full tcp 3-way handershake;
4 about several hunderand sesssions per
second;
5 after the traffic reach a certain value ,we send 20
"tftp file-name buffer overflow" attacks(under no stress,we could detect it
correctly);
6 after each test ,we restart sensor from console
rs configuration:
1 RS7.0/sr1.5/xpu20.10/ec version 6.6
2 intel 1000F NIC with high performance
driver;
3 2xPIV1.8GHZ CPU/3G MEM/80G DISK
results
0 20 attacks under 150M;
1 12 attacks under 250M;
2 6 attacks under 500M ;
3 5attacks under 750M;
4 0attacks under 850M;
5 5attacks under 900M;
6 almost 20 attacks under 1000M!
6 almost 20 attacks under 1000M!
we confirm the background and attacks with gigabit
sniffer,and test again with "http_iis_indexserver_bufferoverflow" attack,almost
the same result.
we got the good result in "tcp background" ,"udp background"
and almost 110,0000 "concurent sessions",but only in the above item we lost! I
don't know why .
<<FoxmailIcon: face-6(21).GIF>>
