OSEC NIDS v1.0 - Sourcefire NS3020F 2.6.0 Test Summary

A - Device Integrity Checking

| Test # | Test Name | Pass/Fail |
|---|---|---|
| A1 | Listening Service Inventory | Completed |
| A2 | Known-vulns check | Pass |
| A3 | SNMP v1 Protos Tests | Pass |
| A4 | Routable ISIC protocol mix To | Pass |
| A5 | Routable ISIC protocol mix Through | Pass |
| A6 | Unfiltered ISIC protocol mix To | Pass |
| A7 | Unfiltered ISIC protocol mix Through | Pass |
| A8 | TCP / ISN generation test | Pass |

B - Signature baseline

| Test # | Test Name | Pass/Fail |
|---|---|---|
| B1 | Mainstream attack baseline | Pass |
| B2 | Modified attacks | Pass |

C - State Test

| Test # | Test Name | Pass/Fail |
|---|---|---|
| C1 | State Confirmation Test | Pass |
| C2 | Tool dry-run | Pass |
| C3 | Low session, small address block | Pass |
| C4 | Low session, large address block | Pass |
| C5 | Medium session, small address block | Pass |
| C6 | Medium session, large address block | Pass |
| C7 | Medium session, small address block | Pass |
| C8 | Medium session, large address block | Pass |
| C9 | High session, small address block | Pass |
| C10 | High session, large address block | Pass |

D - Discard Test

| Test # | Test Name | Pass/Fail |
|---|---|---|
| D1 | Tool dry-run | N/A |
| D2 | Bogus port and injection (10 Mbps) | N/A |
| D3 | Bogus port and injection (80 Mbps) | N/A |
| D4 | Bogus port and injection (200 Mbps) | N/A |
| D5 | Bogus port and injection (500 Mbps) | N/A |
| D6 | Bogus port and injection (750 Mbps) | N/A |
| D7 | Valid port and injection (10 Mbps) | N/A |
| D8 | Valid port and injection (80 Mbps) | N/A |
| D9 | Valid port and injection (200 Mbps) | N/A |
| D10 | Valid port and injection (500 Mbps) | N/A |
| D11 | Valid port and injection (750 Mbps) | N/A |
| D12 | Invalid traffic (64byte frames) | N/A |

E - Engine flex

| Test # | Test Name | Pass/Fail |
|---|---|---|
| E1 | Tool dry-run | Pass |
| E2 | HTTP (10 Mbps) + injection | Pass |
| E3 | HTTP (80 Mbps) + injection | Pass |
| E4 | HTTP (80 Mbps, 536 MSS) + injection | Pass |
| E5 | HTTP (200 Mbps) + injection | Pass |
| E6 | HTTP (500 Mbps) + injection | Pass |
| E7 | HTTP (500 Mbps, 536 MSS) + injection | Pass |
| E8 | HTTP (750 Mbps) + injection | Pass |

F - Evasion List

| Test # | Test Name | Pass/Fail |
|---|---|---|
| F1 | Basic IP Fragmentation (ordered 8-byte) [fragrouter F1] | Pass |
| F2 | Basic IP Fragmentation (ordered 24-byte) [fragrouter F2] | Pass |
| F3 | Complex IP Fragmentation (ordered 8-byte IP fragments, one out of order) [fragrouter F3] | Pass |
| F4 | Complex IP Fragmentation (ordered 8-byte IP fragments, one duplicate) [fragrouter F4] | Pass |
| F5 | Complex IP Fragmentation (out of order 8-byte fragments, one duplicate) [fragrouter F5] | Pass |
| F6 | Complex IP Fragmentation (ordered 8-byte fragments, marked last frag first) [fragrouter F6] | Pass |
| F7 | Basic TCP segmentation (3-whs, ordered 1-byte segments, one out of order) [fragrouter T8] | Pass |
| F8 | Complex TCP Segmentation (3-whs, bad TCP checksum FIN/RST, ordered 1-byte segments) [fragrouter T1] | Pass |
| F9 | Complex TCP Segmentation (3-whs, ordered 1-byte segments, one duplicate) [fragrouter T3] | Pass |
| F10 | Complex TCP Segmentation (3-whs, ordered 1-byte segments, one overwriting) [fragrouter T4] | Pass |
| F11 | Complex TCP Segmentation (3-whs, ordered 2-byte segments, fwd-overwriting) [fragrouter T5] | Pass |
| F12 | Complex TCP Segmentation (3-whs, ordered 1-byte segments, interleaved null segments) [fragrouter T7] | Pass |
| F13 | Complex TCP Segmentation (3-whs, out of order 1-byte segments) [fragrouter T9] | Pass |
| F14 | Complex TCP Segmentation (3-whs, ordered 1-byte segments, interleaved SYN) [fragrouter C2] | Pass |
| F15 | Complex TCP Segmentation (ordered 1-byte null segments, 3-whs, ordered 1-byte segments) [fragrouter C3] | Pass |
| F16 | Complex TCP Segmentation (3-whs, RST, 3-whs, ordered 1-byte segments) [fragrouter R1] | Pass |
| F17 | Delayed injection @ 100,000 sessions | Pass |
| F18 | Delayed injection @ 250,000 sessions | Pass |
| F19 | Delayed injection @ 500,000 sessions | Pass |
| F20 | HTTP obfuscation (hex encoding) | Pass |
| F21 | HTTP obfuscation (double hex encoding) | Pass |
| F22 | HTTP obfuscation (Unicode / UTF-8 encoding) | Pass |
| F23 | HTTP obfuscation (self-referential directories) [whisker -I 2] | Pass |
| F24 | HTTP obfuscation (premature URL ending) [whisker -I 3] | Pass |
| F25 | HTTP obfuscation (prepend long string) [whisker -I 4] | Pass |
| F26 | HTTP obfuscation (fake URL parameter) [whisker -I 5] | Pass |
| F27 | HTTP obfuscation (case sensitivity) [whisker -I 7] | Pass |
| F28 | HTTP obfuscation (Windows directory syntax) [whisker -I 8] | Pass |
| F29 | HTTP obfuscation (session splicing) [whisker -I 9] | Pass |
| F30 | HTTP obfuscation (connection reuse) | Pass |
| F31 | HTTP obfuscation (version 0.9) | Pass |
| F32 | HTTP obfuscation (version 1.0) | Pass |
| F33 | HTTP obfuscation (version 1.1) | Pass |