다음의 백과 사전을 찾아보니 아래와 같은 용어 해설이 있습니다.
('때려 눕히다'라는 뜻의 알공킨어 otomahuk에서 유래)
초기의 토마호크는 동물의 힘줄을 써서 도끼날을 손잡이에 묶거나 그곳에 구멍을 뚫어 양쪽에 날이 있는 돌을 끼워 만들었다. 유럽인과 접촉하면서부터는 대개 교역을 통해 얻은 쇠로 날을 만들었다. 화려한 조각과 깃털로 장식한 둥근 머리의 곤봉이 전쟁과 의식에서 쓰였는데, 이것도 토마호크로 불렸다. 1970년대초 미국은 해군의 수중발사 순항 미사일에도 토마호크라는 명칭을 붙였다.
제가 이야기 하려는 것은 이런 돌도끼도, 미국 항모에 탑재된 미사일도 아닙니다.
오픈 소스 IPS 테스팅 소프트웨어인 토마호크를 소개 합니다.
등장은 2004년에 하였고 , 2006년까지는 업데이트가 되었던 제품이며 , 오픈소스 IDS , IPS 테스팅 소프트웨어 입니다.
성능이나, 보안테스팅이 가능한 토마호크를 한번 사용해 보시는 것도 좋을 것 같네요.
Tomahawk is a command line tool for testing network-based intrusion prevention systems (NIPS). To date, the tools for testing NIPS have been expensive and limited in functionality. They are typically designed for testing other products, such as switches (e.g., SmartBits/ IXIA), server infrastructure (e.g., WebAvalanche), or Firewalls and Intrusion Detection Systems (Firewall Informer or IDS Informer). None of these tools simulate the harsh environment of real networks under attacks.
Tomahawk is designed to fill this gap. It can be used to test the throughput and blocking capabilities of network-based intrusion prevention systems (NIPS).
The throughput of many NIPSs is highly dependent on the protocol mix. A NIPS must reassemble and inspect application level data encapsulated in network traffic. It must decode network and application level protocols. Since some protocols are more computationally intensive to decode than others, the effect a NIPS has on network performance can be highly dependent on the protocol mix that must flow through the NIPS.
Tomahawk can test the throughput of a NIPS using the most realistic mix of protocols possible: one obtained by taking a sample of traffic from the network and replaying it. A single Tomahawk server can generate 200-450 Mbps of traffic. By using multiple servers and aggregating the traffic through a switch, 1 Gbps or more of traffic can be replayed through the NIPS.
Tomahawk can also test the connections/second rating of a NIPS. By capturing a packet trace that contains a simple connection setup and teardown (6 packets: SYN, SYN_ACK, ACK, FIN_ACK, FIN_ACK, ACK) and replaying the traffic using Tomahawk, a single PC can generate 25-50 thousand connections/second of network traffic. With 3 inexpensive PCs, about 90K connections/sec can be generated, enough to test the limits of any NIPS.
In addition to throughput testing, Tomahawk can test the blocking capabilities of a NIPS by replaying attacks embedded in packet traces. Tomahawk reports if an attack completes or is blocked, allowing independent verification of the attack blocking capabilities in a NIPS.
By replaying the same attack hundreds of times, Tomahawk can also test how reliably a NIPS blocks an attack. A NIPS that blocks an attack only 9 in 10 times is not worth much in a worm outbreak.
Tomahawk compiles under RedHat 7.* and later. We recommend a 1.4 GHz + Pentium with at least 512 MB and 3 NICs, 2 of wich are Gigabit NICs.
- Tomahawk is licensed under the Reciprocal Public License
To compile Tomahawk, you'll need to get Libnet 1.02a and Libpcap 0.8.1, as well as the Tomahawk source:
- Libnet 1.02a on Packet Factory
- Libpcap on SourceForge
- tomahawk1.1.tgz -- Release 1.1 of Tomahawk
- Changes from 1.0 to 1.1
- tomahawk1.0.tar.gz -- Release 1.0 of Tomahawk
For your convenience, the following binaries are available:
- email@example.com -- General discussion list for users of Tomahawk. Join this mailing list
- firstname.lastname@example.org -- Questions, bug reports for the developers of Tomahawk. Join this mailing list
We welcome enhancements to Tomahawk. While it is managable, I'll coordinate the enhancements manually. Please email me patches and other enhancements. If this becomes unmanageable, we'll start using CVS to manage the project.
원문은 http://tomahawk.sourceforge.net/ 를 참고 하시기 바랍니다.