LOCATION: Neohapsis / OSEC / Test Results / Cisco IDS-4250-XL 4.1(3)S74 / Test Summary About OSEC Test Criteria Test Results Resources Cisco IDS-4250-XL 4.1(3)S74 Test Summary   OSEC NIDS v1.0 - Cisco IDS-4250-XL 4.1(3)S74 Test Summary     A - Device Integrity Checking Test # Test Name Pass/Fail A1 Listening Service Inventory Completed A2 Known-vulns check Pass A3 SNMP v1 Protos Tests Pass A4 Routable ISIC protocol mix To Pass A5 Routable ISIC protocol mix Through Pass A6 Unfiltered ISIC protocol mix To Pass A7 Unfiltered ISIC protocol mix Through Pass A8 TCP / ISN generation test Pass   B - Signature baseline Test # Test Name Pass/Fail B1 Mainstream attack baseline Pass B2 Modified attacks Pass   C - State Test Test # Test Name Pass/Fail C1 State Confirmation Test Pass C2 Tool dry-run Pass C3 Low session, small address block Pass C4 Low session, large address block Pass C5 Medium session, small address block Pass C6 Medium session, large address block Pass C7 Medium session, small address block Pass C8 Medium session, large address block Pass C9 High session, small address block Pass C10 High session, large address block Pass   D - Discard Test Test # Test Name Pass/Fail D1 Tool dry-run Pass D2 Bogus port and injection (10 Mbps) Pass D3 Bogus port and injection (80 Mbps) Pass D4 Bogus port and injection (200 Mbps) Pass D5 Bogus port and injection (500 Mbps) N/A D6 Bogus port and injection (750 Mbps) N/A D7 Valid port and injection (10 Mbps) Pass D8 Valid port and injection (80 Mbps) Pass D9 Valid port and injection (200 Mbps) Pass D10 Valid port and injection (500 Mbps) N/A D11 Valid port and injection (750 Mbps) N/A D12 Invalid traffic (64byte frames) N/A   E - Engine flex Test # Test Name Pass/Fail E1 Tool dry-run Pass E2 HTTP (10 Mbps) + injection Pass E3 HTTP (80 Mbps) + injection Pass E4 HTTP (80 Mbps, 536 MSS) + injection Pass E5 HTTP (200 Mbps) + injection Pass E6 HTTP (500 Mbps) + injection Pass E7 HTTP (500 Mbps, 536 MSS) + injection Pass E8 HTTP (750 Mbps) + injection N/A   F - Evasion List Test # Test Name Pass/Fail F1 Basic IP Fragmentation (ordered 8-byte) [fragrouter F1] Pass F2 Basic IP Fragmentation (ordered 24-byte) [fragrouter F2] Pass F3 Complex IP Fragmentation (ordered 8-byte IP fragments, one out of order) [fragrouter F3] Pass F4 Complex IP Fragmentation (ordered 8-byte IP fragments, one duplicate) [fragrouter F4] Pass F5 Complex IP Fragmentation (out of order 8-byte fragments, one duplicate) [fragrouter F5] Pass F6 Complex IP Fragmentation (ordered 8-byte fragments, marked last frag first) [fragrouter F6] Pass F7 Basic TCP segmentation (3-whs, ordered 1-byte segments, one out of order) [fragrouter T8] Pass F8 Complex TCP Segmentation (3-whs, bad TCP checksum FIN/RST, ordered 1-byte segments) [fragrouter T1] Pass F9 Complex TCP Segmentation (3-whs, ordered 1-byte segments, one duplicate) [fragrouter T3] Pass F10 Complex TCP Segmentation (3-whs, ordered 1-byte segments, one overwriting) [fragrouter T4] Pass F11 Complex TCP Segmentation (3-whs, ordered 2-byte segments, fwd-overwriting) [fragrouter T5] Pass F12 Complex TCP Segmentation (3-whs, ordered 1-byte segments, interleaved null segments) [fragrouter T7] Pass F13 Complex TCP Segmentation (3-whs, out of order 1-byte segments) [fragrouter T9] Pass F14 Complex TCP Segmentation (3-whs, ordered 1-byte segments, interleaved SYN) [fragrouter C2] Pass F15 Complex TCP Segmentation (ordered 1-byte null segments, 3-whs, ordered 1-byte segments) [fragrouter C3] Pass F16 Complex TCP Segmentation (3-whs, RST, 3-whs, ordered 1-byte segments) [fragrouter R1] Pass F17 Delayed injection @ 100,000 sessions Pass F18 Delayed injection @ 250,000 sessions Pass F19 Delayed injection @ 500,000 sessions Pass F20 HTTP obfuscation (hex encoding) Pass F21 HTTP obfuscation (double hex encoding) Pass F22 HTTP obfuscation (Unicode / UTF-8 encoding) Pass F23 HTTP obfuscation (self-referential directories) [whisker -I 2] Pass F24 HTTP obfuscation (premature URL ending) [whisker -I 3] Pass F25 HTTP obfuscation (prepend long string) [whisker -I 4] Pass F26 HTTP obfuscation (fake URL parameter) [whisker -I 5] Pass F27 HTTP obfuscation (case sensitivity) [whisker -I 7] Pass F28 HTTP obfuscation (Windows directory syntax) [whisker -I 8] Pass F29 HTTP obfuscation (session splicing) [whisker -I 9] Pass F30 HTTP obfuscation (connection reuse) Pass F31 HTTP obfuscation (version 0.9) Pass F32 HTTP obfuscation (version 1.0) Pass F33 HTTP obfuscation (version 1.1) Pass   About OSEC | Test Criteria | Test Results | Resources Copyright 2004, Neohapsis, Inc.