
"After deploying Mu's Mu-4000 Analyzer, understanding our customer's network availability and security issues during highly complex network changes became a tractable problem. We have been pleased with the commitment and support provided to us by the Mu Dynamics team and with the system's ability to help us proactively identify complex security issues in widely varying VoIP and underlying SIP configurations."

Vijay Nadkarni
Vice President, Engineering
Veraz Networks



Denial of Service Analysis

The Denial of Service (DoS) Analysis module allows characterization of the effects on a service when stateless traffic is sent at specific rates. Whereas mutation analysis is about exercising individual service interfaces using a wide range of stateful variations in protocols, DoS analysis probes service transaction limits in processing large amounts of stateless traffic.

 

Denial of Service Tech Demo

What is DoS?


Example DoS Response Time Chart


The DoS module consists of the stateless packet, the traffic pattern and a service monitor used to characterize the effect on the service. Stateless packets from layer 2 through layer 7 can be easily modeled using the intuitive editor. Various parts of each stateless packet can also be randomized to generate arbitrary variations of this packet. Over 40 templates are shipped with the Mu-4000, representing well-known attacks (e.g., SYN flood, SIP INVITE DoS, Slammer Worm, Ping of Death).

What is DOS/DDOS?

The Mu-4000 transmits the DoS traffic statelessly against a service and uses any instrumentation to assess the effects on the ongoing health of that service. To create custom packets for arbitrary protocols, the DoS module can also import packet captures, which can then be used to model the stateless packet.

DoS Example

When the Mu-4000 is used to direct a TCP SYN flood at port 80 (HTTP) on a UTM's management interface, the UTM will suffer a DHCP server outage. The DHCP outage always occurs at the same rate of HTTP TCP SYN flood traffic. It's quite repeatable... but this raises an important question: what does DHCP have to do with HTTP?

This example shows that the most important thing when testing for DoS conditions is flexibility: to independently define the attack traffic and the rate profile, to monitor any other protocol on which the service depends, and to be able to repeat these conditions at will.
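The analysis side of the example above, as an added illustration that is not Mu Dynamics code: given service-monitor probe results recorded at each step of a rate profile, it finds the lowest offered rate at which each monitored service failed, checks whether that threshold repeats across runs, and flags failures in services the traffic was not aimed at. The sample data, rates, and function names are constructed for this sketch.

```python
from collections import defaultdict

# Constructed monitor samples (not real measurements): each tuple is
# (run id, offered SYN rate in packets/s toward port 80, probed service, probe ok).
SAMPLES = [
    (1, 1000, "http", True),   (1, 1000, "dhcp", True),
    (1, 5000, "http", True),   (1, 5000, "dhcp", True),
    (1, 10000, "http", True),  (1, 10000, "dhcp", False),
    (1, 20000, "http", False), (1, 20000, "dhcp", False),
    (2, 1000, "http", True),   (2, 1000, "dhcp", True),
    (2, 5000, "http", True),   (2, 5000, "dhcp", True),
    (2, 10000, "http", True),  (2, 10000, "dhcp", False),
    (2, 20000, "http", True),  (2, 20000, "dhcp", False),
]

def failure_thresholds(samples):
    """Map service -> {run: lowest offered rate at which its probe failed}."""
    out = defaultdict(dict)
    for run, rate, service, ok in samples:
        if not ok:
            prev = out[service].get(run)
            out[service][run] = rate if prev is None else min(prev, rate)
    return {svc: dict(runs) for svc, runs in out.items()}

def summarize(samples, target):
    """Per failing service: thresholds per run, repeatability, collateral flag."""
    runs = {run for run, *_ in samples}
    report = {}
    for service, per_run in failure_thresholds(samples).items():
        report[service] = {
            "thresholds": per_run,
            # Repeatable: failed in every run, and at the same offered rate.
            "repeatable": set(per_run) == runs and len(set(per_run.values())) == 1,
            # Collateral: a service other than the one the traffic targeted.
            "collateral": service != target,
        }
    return report

if __name__ == "__main__":
    for svc, info in sorted(summarize(SAMPLES, target="http").items()):
        print(svc, info)
```

A repeatable threshold on a collateral service, as with DHCP here, points to a shared resource on the device rather than a fault in the targeted service.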
