OSEC NIDS v1.0 - IntruVert Test Summary

A - Device Integrity Checking

| Test # | Test Name | Pass/Fail |
| --- | --- | --- |
| A1 | Listening Service Inventory | Completed |
| A2 | Known-vulns check | Pass |
| A3 | SNMP v1 Protos Tests | Pass |
| A4 | Routable ISIC protocol mix To | Pass |
| A5 | Routable ISIC protocol mix Through | Pass |
| A6 | Unfiltered ISIC protocol mix To | Pass |
| A7 | Unfiltered ISIC protocol mix Through | Pass |
| A8 | TCP / ISN generation test | Pass |

B - Signature baseline

| Test # | Test Name | Pass/Fail |
| --- | --- | --- |
| B1 | Mainstream attack baseline | Pass |
| B2 | Modified attacks | Pass |

C - State Test

| Test # | Test Name | Pass/Fail |
| --- | --- | --- |
| C1 | State Confirmation Test | Pass |
| C2 | Tool dry-run | Pass |
| C3 | Low session, small address block | Pass |
| C4 | Low session, large address block | Pass |
| C5 | Medium session, small address block | Pass |
| C6 | Medium session, large address block | Pass |
| C7 | Medium session, small address block | Pass |
| C8 | Medium session, large address block | Pass |
| C9 | High session, small address block | Pass |
| C10 | High session, large address block | Pass |

D - Discard Test

| Test # | Test Name | Pass/Fail |
| --- | --- | --- |
| D1 | Tool dry-run | Pass |
| D2 | Bogus port and injection (10 Mbps) | Pass |
| D3 | Bogus port and injection (80 Mbps) | Pass |
| D4 | Bogus port and injection (200 Mbps) | Pass |
| D5 | Bogus port and injection (500 Mbps) | Pass |
| D6 | Bogus port and injection (750 Mbps) | Pass |
| D7 | Valid port and injection (10 Mbps) | Pass |
| D8 | Valid port and injection (80 Mbps) | Pass |
| D9 | Valid port and injection (200 Mbps) | Pass |
| D10 | Valid port and injection (500 Mbps) | Pass |
| D11 | Valid port and injection (750 Mbps) | Pass |
| D12 | Invalid traffic (64-byte frames) | Pass |

E - Engine flex

| Test # | Test Name | Pass/Fail |
| --- | --- | --- |
| E1 | Tool dry-run | Pass |
| E2 | HTTP (10 Mbps) + injection | Pass |
| E3 | HTTP (80 Mbps) + injection | Pass |
| E4 | HTTP (80 Mbps, 536 MSS) + injection | Pass |
| E5 | HTTP (200 Mbps) + injection | Pass |
| E6 | HTTP (500 Mbps) + injection | Pass |
| E7 | HTTP (500 Mbps, 536 MSS) + injection | Pass |
| E8 | HTTP (750 Mbps) + injection | Pass |

F - Evasion List

| Test # | Test Name | Pass/Fail |
| --- | --- | --- |
| F1 | Basic IP Fragmentation (ordered 8-byte) [fragrouter F1] | Pass |
| F2 | Basic IP Fragmentation (ordered 24-byte) [fragrouter F2] | Pass |
| F3 | Complex IP Fragmentation (ordered 8-byte IP fragments, one out of order) [fragrouter F3] | Pass |
| F4 | Complex IP Fragmentation (ordered 8-byte IP fragments, one duplicate) [fragrouter F4] | Pass |
| F5 | Complex IP Fragmentation (out of order 8-byte fragments, one duplicate) [fragrouter F5] | Pass |
| F6 | Complex IP Fragmentation (ordered 8-byte fragments, marked last frag first) [fragrouter F6] | Pass |
| F7 | Basic TCP segmentation (3-whs, ordered 1-byte segments, one out of order) [fragrouter T8] | Pass |
| F8 | Complex TCP Segmentation (3-whs, bad TCP checksum FIN/RST, ordered 1-byte segments) [fragrouter T1] | Pass |
| F9 | Complex TCP Segmentation (3-whs, ordered 1-byte segments, one duplicate) [fragrouter T3] | Pass |
| F10 | Complex TCP Segmentation (3-whs, ordered 1-byte segments, one overwriting) [fragrouter T4] | Pass |
| F11 | Complex TCP Segmentation (3-whs, ordered 2-byte segments, fwd-overwriting) [fragrouter T5] | Pass |
| F12 | Complex TCP Segmentation (3-whs, ordered 1-byte segments, interleaved null segments) [fragrouter T7] | Pass |
| F13 | Complex TCP Segmentation (3-whs, out of order 1-byte segments) [fragrouter T9] | Pass |
| F14 | Complex TCP Segmentation (3-whs, ordered 1-byte segments, interleaved SYN) [fragrouter C2] | Pass |
| F15 | Complex TCP Segmentation (ordered 1-byte null segments, 3-whs, ordered 1-byte segments) [fragrouter C3] | Pass |
| F16 | Complex TCP Segmentation (3-whs, RST, 3-whs, ordered 1-byte segments) [fragrouter R1] | Pass |
| F17 | Delayed injection @ 100,000 sessions | Pass |
| F18 | Delayed injection @ 250,000 sessions | Pass |
| F19 | Delayed injection @ 500,000 sessions | Pass |
| F20 | HTTP obfuscation (hex encoding) | Pass |
| F21 | HTTP obfuscation (double hex encoding) | Pass |
| F22 | HTTP obfuscation (Unicode / UTF-8 encoding) | Pass |
| F23 | HTTP obfuscation (self-referential directories) [whisker -I 2] | Pass |
| F24 | HTTP obfuscation (premature URL ending) [whisker -I 3] | Pass |
| F25 | HTTP obfuscation (prepend long string) [whisker -I 4] | Pass |
| F26 | HTTP obfuscation (fake URL parameter) [whisker -I 5] | Pass |
| F27 | HTTP obfuscation (case sensitivity) [whisker -I 7] | Pass |
| F28 | HTTP obfuscation (Windows directory syntax) [whisker -I 8] | Pass |
| F29 | HTTP obfuscation (session splicing) [whisker -I 9] | Pass |
| F30 | HTTP obfuscation (connection reuse) | Pass |
| F31 | HTTP obfuscation (version 0.9) | Pass |
| F32 | HTTP obfuscation (version 1.0) | Pass |
| F33 | HTTP obfuscation (version 1.1) | Pass |

G - In-line

| Test # | Test Name | Pass/Fail |
| --- | --- | --- |
| G1 | Tool dry-run | Pass |
| G2 | HTTP (1500 Mbps) + injection | Pass |