home Live Chat with Mu Dynamics Customer Jobs
Want to know what's new @ Mu? Enter your email address to receive Mu Dynamics news.

"The Mu Test Suite uses intelligent fuzzing logic to expose security weaknesses and performance issues in any device that talks to a network. Intelligent, wizard-driven workflow makes tests a snap to configure, and the security profiles produced are top notch. The Mu can even generate exploit binaries for newly discovered vulnerabilities. "

Roger Grimes
Analyst
InfoWorld


Follow Mu on Twitter  |  Mu Facebook Page  |  Mu videos on YouTube  |  pcapr.net  |  Mu Line  |  Mu Labs  

Denial of Service Simulation Module

The Denial of Service (DoS) Simulation Module allows characterization of the effects on a service when stateless traffic is sent at specific rates. Whereas the Service-Level Traffic Variations Module is about exercising individual service interfaces using a  range of stateful variations in protocols (or created from user-defined packet captures or other inputs), the DoS module probes service transaction limits in processing large amounts of stateless traffic.

 

Denial of Service Tech Demo

What is DoS?


Example DoS Response Time Chart


The DoS Module is comprised of the definition of the stateless packet template, the traffic pattern and a service monitor(s) used to characterize the effect on the service. SNMP can also be used to measure the effects of the DoS traffic on the target network.

Stateless packet templates from layer-2 through layer-7 can be easily created using the intuitive editor. Various parts of each stateless packet can also be randomized at run-time to generate arbitrary variations of this packet. Over 40 templates are shipped with the Mu Test Suite, representing well-known attacks (e.g., TCP SYN flood, SIP INVITE DoS, Slammer Worm, Ping of Death, etc.).

What is DOS/DDOS?

DoS Example

When the Mu solution directs a TCP SYN flood at port 80 (HTTP), on a UTM's management interface, this particular UTM is observed to suffer a DHCP server outage. The DHCP outage always occurs at the same rate of HTTP TCP SYN flood traffic. It's quite repeatable...but this begs an important question: Why does DHCP have to do with HTTP? It's apparent that since all active services in a single device share the same CPU and memory resources, each service must be tested for DoS sensitivity while monitoring the other active services.

This example shows that the most important thing when testing for DoS conditions is flexibility: To independently define the attack traffic and the rate profile governing the delivery of that traffic; to monitor any other protocols or services active within the device; and to be able to repeat these conditions at will. 

The Mu Test Suite transmits the DoS traffic statelessly against a service and uses any defined Instrumentation to assess the effects on the ongoing health of that service.  In order to create custom packets for arbitrary protocols, the DoS module also has the ability to import packet captures that then subsequently be used to model the stateless packet.

 Related Collateral


 
Products | Solutions | Resources | Support | News & Events | Company | Labs | Contact | Home