LOCATION: Neohapsis / OSEC / Test Results / ISS RealSecure 7.0 / Test Summary About OSEC Test Criteria Test Results Resources ISS RealSecure 7.0 Test Summary OSEC NIDS v1.0 - ISS Test Summary   A - Device Integrity Checking Test # Test Name Pass/Fail Notes A1 Listening Service Inventory Completed A2 Known-vulns check Pass A3 SNMP v1 Protos Tests Pass A4 Routable ISIC protocol mix TO Pass A5 Routable ISIC protocol mix THROUGH Pass A6 Unfiltered ISIC protocol mix To Pass A7 Unfiltered ISIC protocol mix Through Pass A8 TCP / ISN generation test Pass   B - Signature baseline Test # Test Name Pass/Fail Notes B1 Mainstream attack baseline Pass B2 Modified attacks Pass   C - State Test Test # Test Name Pass/Fail Notes C1 State Confirmation Test Pass C2 Tool dry-run Pass C3 "Low session, small address block" Pass C4 "Low session, large address block" Pass C5 "Medium session, small address block" Pass C6 "Medium session, large address block" Pass C7 "Medium session, small address block" Pass C8 "Medium session, large address block" Pass C9 "High session, small address block" Pass C10 "High session, large address block" Pass   D - Discard Test Test # Test Name Pass/Fail Notes D1 Tool dry-run Pass D2 Bogus port and injection (10 Mbps) Pass D3 Bogus port and injection (80 Mbps) Pass D4 Bogus port and injection (200 Mbps) Pass D5 Bogus port and injection (500 Mbps) Pass D6 Bogus port and injection (750 Mbps) Pass D7 Valid port and injection (10 Mbps) Pass D8 Valid port and injection (80 Mbps) Pass D9 Valid port and injection (200 Mbps) Pass D10 Valid port and injection (500 Mbps) Pass D11 Valid port and injection (750 Mbps) Pass D12 Invalid traffic (64byte frames) Pass   E - Engine flex Test # Test Name Pass/Fail Notes E1 Tool dry-run Pass E2 HTTP (10 Mbps) + injection Pass E3 HTTP (80 Mbps) + injection Pass E4 "HTTP (80 Mbps, 536 MSS) + injection" Pass "2 false positives: telnet_abuse, TCP_port_scan" E5 HTTP (200 Mbps) + injection Pass E6 HTTP (500 Mbps) + injection Pass E7 "HTTP (500 Mbps, 536 MSS) + injection" N/A Some UDP attacks missed at peak packet/sec rates E8 HTTP (750 Mbps) + injection Pass   F - Evasion List Test # Test Name Pass/Fail Notes F1 Basic IP Fragmentation (ordered 8-byte) [fragrouter F1] Pass F2 Basic IP Fragmentation (ordered 24-byte) [fragrouter F2] Pass F3 "Complex IP Fragmentation (ordered 8-byte IP fragments, one out of order) [fragrouter F3]" Pass F4 "Complex IP Fragmentation (ordered 8-byte IP fragments, one duplicate) [fragrouter F4]" Pass F5 "Complex IP Fragmentation (out of order 8-byte fragments, one duplicate) [fragrouter F5]" Pass F6 "Complex IP Fragmentation (ordered 8-byte fragments, marked last frag first) [fragrouter F6]" Pass F7 "Basic TCP segmentation (3-whs, ordered 1-byte segments, one out of order) [fragrouter T8]" Pass F8 "Complex TCP Segmentation (3-whs, bad TCP checksum FIN/RST, ordered 1-byte segments) [fragrouter T1]" Pass F9 "Complex TCP Segmentation (3-whs, ordered 1-byte segments, one duplicate) [fragrouter T3]" Pass F10 "Complex TCP Segmentation (3-whs, ordered 1-byte segments, one overwriting) [fragrouter T4]" Pass F11 "Complex TCP Segmentation (3-whs, ordered 2-byte segments, fwd-overwriting) [fragrouter T5]" Fail Caught neither Unicode nor RDS F12 "Complex TCP Segmentation (3-whs, ordered 1-byte segments, interleaved null segments) [fragrouter T7]" Fail "Caught RDS, but not Unicode" F13 "Complex TCP Segmentation (3-whs, out of order 1-byte segments) [fragrouter T9]" Pass F14 "Complex TCP Segmentation (3-whs, ordered 1-byte segments, interleaved SYN) [fragrouter C2]" Pass F15 "Complex TCP Segmentation (ordered 1-byte null segments, 3-whs, ordered 1-byte segments) [fragrouter C3]" Pass F16 "Complex TCP Segmentation (3-whs, RST, 3-whs, ordered 1-byte segments) [fragrouter R1]" Pass F17 "Delayed injection @ 100,000 sessions" Pass F18 "Delayed injection @ 250,000 sessions" Pass F19 "Delayed injection @ 500,000 sessions" Pass F20 HTTP obfuscation (hex encoding) Pass F21 HTTP obfuscation (double hex encoding) Pass F22 HTTP obfuscation (Unicode / UTF-8 encoding) Pass F23 HTTP obfuscation (self-referential directories) [whisker -I 2] Pass F24 HTTP obfuscation (premature URL ending) [whisker -I 3] Pass F25 HTTP obfuscation (prepend long string) [whisker -I 4] Pass F26 HTTP obfuscation (fake URL parameter) [whisker -I 5] Pass F27 HTTP obfuscation (case sensitivity) [whisker -I 7] Pass F28 HTTP obfuscation (Windows directory syntax) [whisker -I 8] Pass F29 HTTP obfuscation (session splicing) [whisker -I 9] Pass F30 HTTP obfuscation (connection reuse) Pass F31 HTTP obfuscation (version 0.9) Pass F32 HTTP obfuscation (version 1.0) Pass F33 HTTP obfuscation (version 1.1) Pass   About OSEC | Test Criteria | Test Results | Resources Copyright 2002, Neohapsis, Inc.