"The Mu Test Suite uses intelligent fuzzing logic to expose security weaknesses and performance issues in any device that talks to a network. Intelligent, wizard-driven workflow makes tests a snap to configure, and the security profiles produced are top notch. The Mu can even generate exploit binaries for newly discovered vulnerabilities."
The Denial of Service (DoS) Simulation Module allows characterization of the effects on a service when stateless traffic is sent at specific rates. Whereas the Service-Level Traffic Variations Module is about exercising individual service interfaces using a range of stateful variations in protocols (or created from user-defined packet captures or other inputs), the DoS module probes service transaction limits in processing large amounts of stateless traffic.
The DoS Module consists of the definition of the stateless packet template, the traffic pattern, and one or more service monitors used to characterize the effect on the service. SNMP can also be used to measure the effects of the DoS traffic on the target network.
Stateless packet templates from layer 2 through layer 7 can be easily created using the intuitive editor. Various parts of each stateless packet can also be randomized at run time to generate arbitrary variations of this packet. Over 40 templates are shipped with the Mu Test Suite, representing well-known attacks (e.g., TCP SYN flood, SIP INVITE DoS, Slammer Worm, Ping of Death).
DoS Example
When the Mu solution directs a TCP SYN flood at port 80 (HTTP) on a UTM's management interface, this particular UTM is observed to suffer a DHCP server outage. The DHCP outage always occurs at the same rate of HTTP TCP SYN flood traffic. It's quite repeatable... but this raises an important question: What does DHCP have to do with HTTP? It's apparent that, since all active services in a single device share the same CPU and memory resources, each service must be tested for DoS sensitivity while monitoring the other active services.
This example shows that the most important thing when testing for DoS conditions is flexibility: to independently define the attack traffic and the rate profile governing the delivery of that traffic; to monitor any other protocols or services active within the device; and to be able to repeat these conditions at will.
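The analysis side of the example above can be sketched as follows. This is an added illustration, not Mu Test Suite code or output: the service names, rates and probe results are constructed, and the function names are hypothetical. It takes monitor results from repeated rate ramps and reports, per service, the lowest rate at which its health probe failed, whether that rate repeats across runs, and whether a service other than the targeted one went down first.

```python
import math

RATES = [1000, 5000, 10000, 20000]  # offered SYN rate per ramp step, packets/s
TARGET = "http"                      # service the stateless traffic was aimed at

# Constructed monitor results (1 = health probe answered, 0 = probe failed),
# one entry per step in RATES, for three repeats of the same rate ramp.
RUNS = {
    1: {"http": [1, 1, 1, 0], "dhcp": [1, 1, 0, 0], "dns": [1, 1, 1, 1]},
    2: {"http": [1, 1, 1, 0], "dhcp": [1, 1, 0, 0], "dns": [1, 1, 1, 1]},
    3: {"http": [1, 1, 0, 0], "dhcp": [1, 1, 0, 0], "dns": [1, 1, 1, 1]},
}

def first_failure_rate(results, rates=RATES):
    """Lowest offered rate at which the probe failed, or None if it never did."""
    for rate, ok in zip(rates, results):
        if not ok:
            return rate
    return None

def summarize(runs, target=TARGET):
    """Per-service failure thresholds across runs, with repeatability and
    collateral-outage flags."""
    order = sorted(runs)
    target_thr = [first_failure_rate(runs[r][target]) for r in order]
    report = {}
    for service in sorted({s for r in runs.values() for s in r}):
        thresholds = [first_failure_rate(runs[r][service]) for r in order]
        failed = [t for t in thresholds if t is not None]
        report[service] = {
            "thresholds": thresholds,
            # Repeatable: failed in every run, always at the same rate step.
            "repeatable": len(failed) == len(thresholds) and len(set(failed)) == 1,
            # Collateral: a service that was not the target still went down.
            "collateral": service != target and bool(failed),
            # Runs in which this service failed at a lower rate than the target.
            "runs_failing_before_target": sum(
                1 for t, tt in zip(thresholds, target_thr)
                if t is not None and t < (tt if tt is not None else math.inf)),
        }
    return report

if __name__ == "__main__":
    for service, row in summarize(RUNS).items():
        print(service, row)
```

With this constructed data, DHCP is the only service whose outage repeats at one rate step, and in two of three runs it fails before the HTTP service that was actually targeted.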
The Mu Test Suite transmits the DoS traffic statelessly against a service and uses any defined Instrumentation to assess the effects on the ongoing health of that service. In order to create custom packets for arbitrary protocols, the DoS module can also import packet captures, which can then be used to model the stateless packet.