DDoS Attack Testing and Verification Solutions andVerification Testing Attack DDoS of Service Denial Distributed integrity. networks solutions canXena’s help test companies and their operators test security products high Xena toneed tested be thoroughly to and verified being activated. prior aremany fordollars. securitypreventing There attacks systems DDoS traffic,with bogus thethe victims network paralyzing andcosting millions potentially threat aroundto targetshosts the multiple Attackersuse swamp toworld. businesses First around 2000, seen Distributed Denial OVERVIEW Xena -
performance products and ample features. Going beyond generating traffic,performance Going products DDoS and ample beyond features. offers a complete testfor mitigation security DDoS solution with and network
Networks Networks
and continuity detect thereby flaws, business ensuring business and preserve
–
Global in Gigabit Price/PerformanceEthernet Leaders Testing - of - Service (DDoS) areattacks a serious
–
and they alland
– www.xenanetworks.com of WHITE PAPER WHITE
DUT”.the for network scenariosrealistic toensuretraffic captured same the inexactly communicate so client traffic andserver “Xenacomplex recreates
order as as order the
WHITE PAPER Xena
CONCLUSION INTRODUCTION Contents Networks Networks ImportingTraffic Captured as Template DDoSXena Test andSolutions Verification TCP Sequence Teardrop Attack ARP Spoofing SmurfAttack FloodPing ofPing Death UDP Flood Attack UnderstandingAttacks Different DDoS DDOS and Attacks Business Disruption
–
Global in Gigabit Price/PerformanceEthernet Leaders Testing
......
......
......
......
Prediction Attack Distributed Denial ofDistributed Denial Service
...... DDoS Attack Testingand Attack Verification DDoS Solutions ......
......
......
......
...... – www.xenanetworks.com
......
14 13 12 11 10
5 4 3 9 9 8 7 6
WHITE PAPER Xena
emulate trafficfor DDoS mitigation and verification. testing attacks, innovative technology Xena’s and how and high Whiteexamples provides disrupt of Paper DDoS business, how theThis various types of DDoS thoroughly tested before roll and verified out. etc.ISPs, Moreor security importantly, software be need these solutions, firewalls, devices, it vital is Thus, telecom deployenterprises, to operators, into network securityproperly solutions and ofscale size the vict attacks in provider These more networks. can(DNS) cause servers dueto damages the serious infrastructure, the as aggregating such or the or routers core and switches, DomainNameSystem attacksDDoS nottargetthe at only individual websites 500 in Gbps 2015 of attacks DDoS with andGbps approachingthe increasingprogressively is 1 peak reaching size etc.),(firewalls, routers, switches, andmillio this can cost the victim traffic. network links network or paralyzedthe devices is servers, The tooverwhelmed due DDoS theAs attackers name suggests, aoverwhelm target multiple use to with to hosts bogus below. shown by 2020,2.6the17 global attackscan upto increase million, DDoS from Cisco Systems.21% traffic With IP annual the of growthrate prediction compound (CAGR), percent of a country’s total traffic internet according to ofno sign abatingtime It attackscan make10 anysoon. DDoS that much as estimated upas is Distributed denial DDOS INTRODUCTION Networks Networks
Millions of Attacks –
MAJOR NETWORK SECURITYTH – 2015 6.6
Global in Gigabit Price/PerformanceEthernet Leaders Testing
- - Global AttacksDDoS Forecast of enough to completely. offline bring most organizations enough - service (DDoS) attack is a growing threat to business around (DDoS) theattack threattoservice a withis growing world business
2016 im network. 8.4 2015 - 2020 (21%CAGR) 2020
2017 10.4
REAT 2018 12.7
edge of thethe network but of networkedge also 2016 VisualNetworking Index report - performance product to can beused performance
2019 15 - fold increase fromincrease 2015, as fold ns of averagens dollars. size The –
www.xenanetworks.com 2020 17.4
WHITE PAPER Xena
thelegitimate one number to Thus, difficulttheis it tooncelaunched. network operator, block Since attacks DDoS the and looks internet fromacross sometimes originate multiple hosts more than three hours. entire domain of BBS In early attack a suffered website DDoS 2016, BBC’s an extensive resultingtotal, outage. in the In estimati In 2015,the attack largestAsian with everDDoS hit network Arbor operator, Networks an at Morgan Fargo, Chase, JP Wells US Bancorp,Citigroup,and Bank. PNC targets w and atservers ofto web other compromised least hundreds USflood banks major used five their In 2012, disrupted operations attacks.Website US by banksDDoS of major were at America Bank offlineSensit by attack.a DDoS a blogIn April 2011, WordPress, attacksthe ability playersof off to hadkicking over 17 the anyaffect users, million network. In 2009,the popularfrequent gaming platform, Xboxt Live, became a can result and of in business. This a customers loss huge insecure. From andusage. zero the appear customerperspective, the unstable services and potentially If their cannotneed. the accounts access or users the data server on they thecompletely from performance, services accessing preventing server bring users down to network DDoS requests and consume computing resources, attacks or down can slow orexperience in for data your users w flooding security and servers availability. By attacksDDoS drastically impact noinvestmatter in high access, muchyou how providing rich a toponline. business, For today’s are moving monitored is fromLogistics offline and tracked the Businesses internet. to through expanding market Financial transactio shares. andubiquitous Mobile sharing. are developed experience access for and and apps websites user Many are companies heavily the Information internet. storedfor dependentis in the on cloud A DDOS Networks Networks ng trafficng hit of Gbps. 334 upwards ith above – ttacks
Global in Gigabit Price/PerformanceEthernet Leaders Testing and responsive access to throughonline access theand services responsive internet infrastructure. - and Business and Disruption average amounts of Internet traffic. The DDoS attacks DDoS oftraffic. InternetThe disruptions alsoaverage amounts caused -
including its on
ive data was probably taken, according to probablythe according ive was blog taken, host. data - hosting site with over 19 million blogs, was temporarilyhosting sitewas blogs, with overbrought 19 million - notch customer experience is critical is That requires notch customerexperience for success. - demand televisionradio player and demand
ns and mobile payments are processed online. are and processed mobilens payments
s, thereexperience zero s, is arget for attacks.The DDoS
– -
www.xenanetworks.com was unavailable for was - quality mobile ith garbage
WHITE PAPER Xena
will not anSYN. ACK it send because a neversent theto causing the server insend SYN the message, SYN malicious clientThe can either sen not floodA SYN attack, Figure to (see 3), by deliberatelyan notthe ACKworks to server. responding server: A normalconnection TCP (below) initiated3 is by a and make to the unresponsive legitimate system traffic. toof requests SYN a targetattempt to enoughresourc in anconsume flood SYN A a TCP is form of denial TCP SYN Attack Flood attack.the types of attacks: major DDoS are Here can be categorized are a involved as DoS attack. multiple When attack sources unavailableAny network resource attack a that attemptsto machine to ornetwork make users U to your customers. prioritytest and mitigationany defense toand is DDoS verify systems Networks Networks F nderstanding Different nderstanding Attacks DDoS
I igure igure 2:
1
P
9
3. 2. 1.
A
2
.
d
1
d
6
8
r Client message with replies an ACK withServer a acknowledges toClient the message a request server. SYN sends
e
.
6 Normal TCP ConnectionNormal TCP –
s
.
s
6
Global in Gigabit Price/PerformanceEthernet Leaders Testing
:
-
I
I
I of
P
P
P
SYN -
A
A
A service (DoS) attack where the attacker (DoS) aservice sequence attack where sends d theby expected spoofing address theIP ACK, source or
d
d
d
d
d
d
S
r
r
r
e
e
e -
Y ACK message toACK the message client.
s
s
s
S
A
N
s
s
s
:
:
:
Y
C
-
1
1
1
A
N
K
9
9
9
C
2
2
2
K
.
.
.
1
1
1
6
6
6
8
8
8 -
.
.
. way handshake between the between client handshake way and
6
5
6
.
.
.
6
8
6 -
ACK message to which ACK a false message address, IP
es toes paralyze the server before rolling out services
P –
o
r www.xenanetworks.com
t
O , it called is a DDoS
p
e
n
e
d
I
1
P
s
9
A
2
e
.
d
1
v
d
6
8
r
e
e
.
5
s
r
.
s
8
:
WHITE PAPER Xena
below). packets of to thespoof the the address returnedensure IP UDP ICMP packets do(see not arrive ICMPexcessive packets, eventually clients. attackers The itother can making al unreachable by theUnreachable packetforces target if cannot thetransmit host the application.to find host This forhost the checks application onprotocol, a remote target packetshost. toThe to a large ofsend number UDP random ports DoS attack Datagram This a the Protocolconnectionless computer User networking (UDP), uses Flood Attack UDP before they arein brought the online real world. are commerciallycountermeasures available. it solutions, However, test important is to those floodCountermeasures to SYN a TCP clients, legitimate of whether the because enoughresources. lack of orotherwise, connections cannot created client. connect by the to this the malicious At point, server any Either type of result theuse in excessive attack can Networks Networks 3: Figure
A
1
I
1
1
1
I
I
I
t
P
P
P
P
9
t
9
9
9
a
2
2
2
2
A
A
A
A
c
.
.
.
. TCP SYN flood SYN attackTCP –
1
1
1
1
k
d
d
d
d
6
6
6
6
e
d
d
d
d Global in Gigabit Price/PerformanceEthernet Leaders Testing
8
8
8
8
r
r
r
r
r
.
s
.
.
.
e
e
e
e
6
6
6
6
s
.
s
s
s
.
.
.
1
1
2
5
s
s
s
s
6
8
2
0
:
:
:
:
?
?
?
?
IP A d S I d Y P re A s N listening at that port, and replies with an ICMP Destination replies listening that port, at and s - d S : A I d Y 1 C P re 9 s N 2 K A s -A . d S : 1 d 6 S
S
S Y 1 C S IP r 9 8
e N K p
p
p 2 .6 p A s are listedttacks onthese49887 based in RFCand solutions
- o
o
o . o d S s: A 1 .1
o
o
o d 6 o Y 1 C 8 6
r f
f
f e 9 f N K
.
s 2 6 I
I
I
I
- P
P
P . P s: A .1 1
6 8
1 C
A
A
A 9 K 8 A
. S 2 d
d
d 6 d . . 1 d
d
d
d 6 2 Y
2 r
S
r
r
r
S
S
N
8 e
e
e . e
Y
s
Y 6 Y
s
s
s . -
s
A
s
s 5 s
N
N
N
0 :
:
:
:
C
1
1
1
1
9
K
9
9
9
2
2
2
2
.
.
.
.
1
1
1
1
6 of resources on thefor theof server resources half
6
6
6
8
8
8
8
.
.
.
.
6
6
6
6
I
.
.
.
.
1
P
1
1
2
5
9
6
8
2
0
A
2
.
d
1
d
6
8
r
e
.
6
s
.
s
6
:
IP A d d r S e Y s N s: 1 9
P –
P
P 2 P .
o
o 1 o
o
www.xenanetworks.com 6
r
r
r 8 r
t
t
t . t
6
O
O
O .6 O
p
p
p
p
e
e
e
e
n
n
n
n
e
e
e
e
d
d
d
d
t
a
I
r
1
P
9
g
A
2 -
.
e open
d
1
d
6
t
8
r
e
.
5
s
.
s
8 so so
:
WHITE PAPER Xena
theheader. When upwith target and an ends tothe attempts system fragments reassemble original packet IP contains.information the Offset kept it is This Fragment in in the field, IP fragmentation carry part information which fragment performed, eachIP to is about o needs the packets in Internet usually would malformed fragments.attackers When send Protocol, if crash would they 65,535not Some simplyhandle computercould historical larger packets, systems bytes. and of correct size a pingThe packet any typically is However, IPv4 56 packet bytes. large can beas as by system ofPing Death a is the type crash targetedtries of to DoS the attack computer attacker where or of Death Ping dueto memory constrains, they ofnumber sessions can also be vulnerable to attacks. flood firewall can stop firewallsthem. as are sta However, packetstraffic. ifmalicious potential the UDP will victim the The not to receive orrespond mitigationrate UDP to of ICMPalso out filter onrelies firewalls responses. unwanted network At flood theoperating tryattacks most UDP basic level, systems tomost by mitigate Networks Networks 4: Figure
I
1
I
I
I
I
I
1
1
P
1
1
1
P
P
A
P
P
P
9
9
9
9
9
9
t
2
A
2
A
A
2
t
A
A
A
2
2
2
.
a
.
1
.
.
.
.
d
d
d
1
d
d
d
1
1
1
1
c
6
d
6
d
d
6
d
d
d
6
6
6
k
8 UDP flood attack –
8
8
r sending malformedsending ormalicious ping packets.
8
8
8
r
r
r
r
r
e
.
e
e
e
e
e
e
.
6
.
.
.
.
r
6
6
6
6
6
s
s
s Global in Gigabit Price/PerformanceEthernet Leaders Testing
s
s
s
.
s
.
1
.
.
.
.
s
s
s
6
s
s
s
5
7
8
9
0
:
:
:
:
:
:
received one. Since sending a ping packet larger thanreceived one. Since65,535 alarger ping sending bytes packet violates
IC M P S
D p
e o
s o t i f n
I
a P t
i
o A
1
1 1 1 1 1
1 1 1 n 1
9
9 9 9 9 9
9 9 9 9
d
1 I
P
U 2
2 2 2 2 2
2 2 2 2
d
9
U
.
. . . . .
. . . .
r n
2
1
1 1 1 1 1
1 1 1 1
e A r
D
.
e 6
6 6 6 6 6
6 6 6 6
s
1 d a
P
8
8 8 8 8 8
8 8 8 8
s
6
d c
:
.
. . . . .
. . . .
8
h 6
6 6 6 6 6
6 6 6 6
r
1 . a
e
.
. . . . .
. . . .
1
9
1
6 6 7 8 9
5 6 7 b 8
s
8
2 le 0
s
.
.
6
1
:
6
8
.
6
U . D 5
teful devices, i.e. can only keep a limited teful devices, P
1
I
P
9
2
A
.
1
d
6
d
8
r
.
e
2
s
0
s
.
4
:
U D P
1
I
9
P
2
A
.
1
d
6
d
8
.
r
5
e
8
s
. –
s
1
:
6
I
1
t
P www.xenanetworks.com
9
a
A
2
r
.
d
U 1
g
d D 6
8 P r
e
e
.
5
s
t
.
s
8
:
limiting the
f the f
WHITE PAPER Xena
valid – bandwidth targeted than victim. to attack ability the the seeks host’s overwhelm to This respond fast without possible as waiting for (ping) attack Request ICMPpackets. Echo This most effectively ICMP by works sending packets as A ping the food attacktargeted a is simple the DoS attack host with attacker where overwhelms Flood Ping header of fragment eachIP smaller is than 65,535. fragmentIP to “TotalfieldsOffset” Length” that theinmake of the “Fragment sure sum and IP Oneto mitigation a fir use method is containtype of any protocol. of fragments, may only IP which theused as payload. problem in lies The the process reassembly f spoofed. A of Ping of Deathno detailed attackerthe needs targeted knowledge machine, except ofPing Death attacks the particularly identity because attacker’s effective were could beeasily the injection code. of malicious packet,oversized c buffer overflow could a occur,causing system Networks Networks or its IP address. The problem described above problem in described fact The to or its is which address. nothing has IP do with ICMP,
consume enoughof for its to cycles aconsume CPU user notice a slowdown significant 5: Figure
A
t
t
a requests.
c
k
e
r Ping ofPing Death attack –
Global in Gigabit Price/PerformanceEthernet Leaders Testing
F F F F F F F F
F F
r r r r r r r r
r r
a a a a a a a a
a a
g g g g g g g g
g g
m m m m m m m m
m m
e e e e e e e e
e e
n n n n n n n n
n n
t t t t t t t t
t t
e e e e e e e e
e e replies. It is most successful if It the most is successful attacker more has replies.
d d d d d d d d
d d
ewall to block ICMP ping messages, or checkeachincoming messages, ewall toICMP ping block
p p p p p p p p
p p
a a a a a a a a
a a
c c c c c c c c
c c
k k k k k k k k
k k
e e e e e e e e
e e
t t t t t t t t
t t
# # # # # # # #
# #
0 1 2 3 4 5 6 7
8 9
t
a
r
s
g
e
e
v rash andrash potentially allowing
t
e
r
I
C
M
P
,
p
r
a –
e
c
a
k www.xenanetworks.com
s
e
t
s
s
e –
i
m
z
e thereby blocking
b
>
l
e
6
5
5
1
5
o
B
v
e
u
r
f
f
f
l
e
o
r
w
WHITE PAPER Xena
machine within the ordirectly LAN is to the protocolforas target designed ARP it connected was spoofing attacksARP are ex attacker instead. the as default tosuch address tobe sent that IP gateway, trafficthe resulting boundfor in any aim to(LAN). is The of with associate theanother address the IP MAC host, attacker’s address to Resolutionattacker a Protocol l spoofed Address messages (ARP) sends poison routing, spoofing, ARP cachepoisoning,ARP are or all ARP types an of attackswhere Spoofing ARP replying traffic. will the render This targete the When oflarger, is number the devices address. victim’s computer will beflooded with Bydefault, aaddress. by reply sending on most to the devices network IP the will respond source are broadcast address tovictim’s network IP spoofeda source computer Smurf attack of a DDoS is in type largerICMPthe numbers which packets intended of with SmurfAttack Networks Networks 7: Figure 6: Figure
A A
t t
t t
a a
c c
k k
A
e e
r r
t
t
a
c Smurf attack
k – Ping floodPing attack
I
e
C
F Global in Gigabit Price/PerformanceEthernet Leaders Testing
r
M
T
r
o
o
P
:
m
E
2
:
c
0
2
h
0
0
o
.
1
0
.
R
.
1
1
e
.
.
2
5
q
5
.
u
1
5
e
0
s
t
tremely easy to long theas as tremelycarry attacker control outa has easy of
I C M
F
I
P I C F r
d host unresponsive.
o C
I
r
M C m E o
F c M
P M
m : h
r
o P
E P 2
: o
0
m
c
2
R
E 0
E h 0
: . e
c 0
o 1
c
2 q
h
. .
1 5 R
0 u h
o
. .
0 e e 5 1 o
R s q . . 0
1 1
t
u e R 0 .
5 e q
. e
s u
1
t e q
0
s u
t
e
s
t
(
p
i
n
g )
I
C
M
P
E
a
c
v
h
a
o
i
l
a
R
d
b
e
e
l
e
p
p
l
l
r
e
y
I
e
C using an broadcast IP using
I t C
s
T
e
M I
ocal area network
– C
M o
s T T
d
P
: M o o P o
2
: E : P
www.xenanetworks.com
u
E
0
2 2
c t
0 E
c r 0 0
h
a
c
h .
0 c 0
1
o
. o h . e
.
1 1
5
r R o
. R .
5 . 5 e
1
g
. e R .
p
1 0
p 1 e
0 l
l 0 y p
y e
l y
t
I
P
2
t
a
0
A
0
r
d
.
g
1
d
.
5
r
e
e
.
1
t
s
0
s
:
WHITE PAPER Xena
network protocol network between transmission of stack packets for the responsible is layer IP that intransmitted, The the (MTU). the transmission unit can be maximum called multiple ever because size packets of smaller fragmentationIP Protocol of (IP) datagram thebreakingis upa process singleInternet into fragmentation the overlap crashing the target one another, reassembly, packets network device. Since the packets cannot such them target reassemble receiving A teardrop that fragmentedinvolvesattack asending is DoS packetstarget attack to machine.a TeardropAttack integrated or oth Ethernet switches into are certified.static capability addresses This IP in may individualor hosts may beimplemented be techniques may beintegratedblocked. These that so with theserver both DHCP and dynamic form ofsome certification or cross configuredthe so all host ignores replay ARP packets. spoofing detection ARP on generally relies solution thatthe requests IP against spoofing include ARP staticDefenses entriesspoofing and detection. ARP ARP Static ARP middle (MITM), denialhijacking. of or session service, network, modifytraffic,all theman other in as traffic, anthe attackssuch orstop as opening for efficiency spoofing not may ARP to allow for anintercept security. attacker on frames data Networks Networks 8: Figure
1
1
0
0
.
.
1
1
.
.
1
1
.
.
1
A
1
A ARP SpoofingARP –
R
R
P
P
M Global in Gigabit Price/PerformanceEthernet Leaders Testing
C
C
A
C
a
B
a
C
C
c
B
c
I
:
h
P
h
C
:
A
B
e
e
C
B
1
A
:
:
0
C
:
B
A
.
C
B
1
A
:
:
.
B
C
1
:
B
C
A
.
5
A
:
A
"
A
1
0
.
1
.
1
.
1 - to
ó
G -
C MAC address mappings in the local ARP cachebestatically in mappings theARP address local MAC
A
C
R
:
P -
C checking of ARP responses. checking ofresponses. Unce ARP
C
:
C
C
: er networker equipment.
C
C
"
T
r y network link has a y networkcharacteristic link of has messages size
a
f
f
M
i
c
A
b
C
I
e
P
C
A A
f
C
o
t t
1
t t
a a
0
:
r
C
c c
e
.
1
k k
C
"
.
e e
1
:
1
C
r r
.
0
9
C
.
1
:
C
.
1
C
.
5
ó
T
G
r
C
a
A due to a in bug TCP/IP
M
f
C
R
f
i
A
:
c
P
C
C
I
a
P
C rtified ARP responses are rtified responses ARP
B
f
1
B
:
t
C
e
0
:
B
.
r
C
1
B
.
:
1
:
C
B
.
1
B
C –
:
B
"
B www.xenanetworks.com
1
1
0
0
.
.
1
1
.
.
1
1
.
.
5
5
A
A
R
R
P
P
C
C
C
A
a
a
C
A
c
c
:
h
h
:
C
A
e
e
C
A
:
:
A
C
A
C
:
:
A
C
A
C
a
WHITE PAPER Xena
controlled by the attacker. host, eventhoughsending the counterfeitfact packets may in be able to counterfeitthe send toreceiving to host will which seem originate packets the from to number by thethe host. correctlybe used If sequence sending this, they guess they can will do the packets in connection, a to TCP can beused which tocounterfeit attacker packets. hopes The prediction to used sequence number identifyAattack TCP sequence that the an is attack predicts Prediction Sequence AttackTCP them the causing overwhelm to victim’s servers, fail. fragments that overlap inandthe quickly this data overlap manner. a As result, packets partia mean that fragment fragment either overwritten A being or completely is that B, fragment by A is offsets thatoverlap within positioning theyeachother that the indicate in datagram. could This teardrop The attack tw when occurs position originalwithin in 8 measured the datagram, 13datalink The frames. endpoints, fr includes which Networks Networks 8: Figure lly being overwritten by fragment B. Some operating systems do notSomelly properly operating byhandlefragment being overwritten systems B.
A
t
t
a
c Teardrop attackTeardrop –
k
e Global in Gigabit Price/PerformanceEthernet Leaders Testing
r
F
F
p
p
r
r
a
a
a
a
g
g
c
c
m
m
k
k -
e
e bit Fragment Offset field in the IP header specifies the specifies fragment’sFragment bitthe field Offset header IP in
e
e
t
t
n
n
#
#
t
t
e
2
e
1
d
d
agmentation of larger packets into small ones for smallagmentation the ones supporting larger packets into of
I
I
P
P
2
2
H
0
H
0
b
b
e
e o fragments contained within the same IP datagram the IP o same fragments containedhave within
y
y
a
a
t
t
e
e
d
d
s
s
e
e
r
r
M
M
o
o
r
r
L
L
e
e
e
e
O
F
F
n
n
O
f
r
g
r
g
f
a
a
f
t
s
t
f
h
g
h
g
s
e
m
m
e
=
t
=
t
e
=
e
6
8
=
n
n
2
2
4
t
t
0
0
s
0
s
0
=
=
(
3
-
0
1
2 byte units. byte
0
b
y
6
8
t
0
D
0
D
e
0
0
s
a
a
)
b
b
t
t
F t o p s a
y
a
y
a
h
t
t
o t
r
f a
e
e
t
a
a
c m
f
e
s
s
n
r
g
k
m
a
e
m originate third from some host
e
t
g
p
h
t
s
e
m
t
e
l
y
.
n
e
e
s
f
t
n
r
n
t
#
a
g
e
t
2
g
m
t
#
h
m
b
2
s
o
e
e
i
t
f
g
s
n
o
f
i
t
r
n
n
c
a
#
s
o
r
g
1
a
t –
4
m
s
i
e
8
n
h
n
e
0 www.xenanetworks.com
a
d
n
d
b
c
s
t
u
y
c
#
r
(
t
o
i
a
1
e
n
r
t
.
s
g
d
T
8
e
r
h
0
w
e
a
0
i
i
s
a
r
t
)
l
h
.
s
i
c
e
T
s
t
a
t
r
e
h
a
h
n
(
m
e
e
a
r
c
t
b
o
g
a
3
l
f
u
y
f
e
2
s
s
0
e
t
e
)
t
WHITE PAPER Xena
testing, iscapable Xena of: onitsbased high offersXena a complete testfor solution X prem including connection, injecting TCP data theand into choosing attacker’s of an existing If an attacker of can of delivervarious thiscan sorts cause mischief, counterfeit packets sort, they Networks Networks ena DDoSTest ena and Solutions Verification 9: Figure • • • • • aturely closingexisting connections with by TCP the injectingbit counterfeit packets RST set.
a
t
t
a examples Offering ready Real Transmitting and receiving to ranging traffic from at aKbps 100 few rates Gbps. Blasting user Importing captured traffica as template.
c TCP sequenceTCP prediction attack –
k
e Global in Gigabit Price/PerformanceEthernet Leaders Testing
r - time analysis and reporting. - performance products. In network termsof test DDoS and measurement
c
l
i
e -
n defined packet from streams
t - to -
use port configuration files, step portuse configuration files,
T
T
T
T
C
C
C
C
P
P DDoS mitigation on e.g. firewalls, routers, and servers, firewalls, routers, mitigation and servers, DDoS on e.g.
P
P
,
,
,
,
S
S
S
S
e
e
e
e
q
q
q
q
=
=
=
=
3
0
6
6
0
0
0
layer 2 up to7. layer layer 2 up
- by - step guidelines, and pcap step guidelines,
– www.xenanetworks.com
t
a
r
g
e
t
WHITE PAPER Xena
stream. A field besettoor berandom modifier within increment can a or decrement specified testXena’s solutions allow to upto applied in anyper modifiers a six field packet, to field be Blas specified. value Anytesting field for negative an in invalid template a can besetto packet ICMP, LLC,MPLS, SNAP,SCTP, RTP,RTCP, GTP, UDP, STP, TCP, FCoE, IGMPv2/3, PBB, user or fully Packets can becompletely configu attack. selection.simpleattack The user’s packet the thus DDoS becomes template for a morecomplex platform the onthe template will andbased file which a parse analyze packet and generate and captureaddress, the trafficintofile. file This a can pcap can emulate attack a simpleUsers DDoS transmission rate, at ping e.g. thefrom low one target IP Traffic asCaptured Template Importing Networks Networks 10: Figure ting User
t t
a a
r r
g g
e e
t t
t t
a a
r r
g g –
e e Using Xena to Xena Using
S Global in Gigabit Price/PerformanceEthernet Leaders Testing
t t
m - Defined DDoS Attack Traffic Defined DDoSAttack
u
A
r
f
R
a
P
t t
t
a a
f
P
t
l
r r
a
s
o
g g
i
e e
c
n
p
o
t t
k
g
o test for attacks DDoS
d
o
f
i
n
g
t t
a a red by users, or IPv4, Ethernet, IPv6, Ethernet ARP, by II,red users, VLAN,
r r
T
g g
e e
e
a
t t
a
t
t
r
a
d
c
r
k
o
P
p
D
i
n
e
g
a
t t
a a
t
r r
o
h
g g
f
e e
t t
a
T
t then be imported be the then into Xena
t t
t
a a
C
D
a
r r
g g
P
c
N
e e
k
t t
S
f
l
o
o
d
t t
a a
S
U
r r –
g g
Y
D
e e www.xenanetworks.com
t t
N
P
f
f
l
l
o
o
o
o
d
d
t t
a a
r r
g g
e e
t t
t t
a a
r r
g g
e e
t t -
WHITE PAPER Xena
test vital. andthese productsbecome verification of and battleThe of no sign diminishing.the against attack On contrary, DDoS shows firewalls, routers mitigationvarious DDoS are developed. networkand systems security solutions, and products, on the internet businesses make attacksDDoS Ourto ever willin both continue grow scaleand severity. CONCLUSION the using streams pcap examples provided. o guides These In additionto configuration thefiles, there port arestep after needed as can be adjusted loading, or requirements. dependingon scenarios different these configuration websi from Xena’s files offersXena port configuration filescan download for the attacks.User DDoS aforementioned Ready Multiple capture can uptobe set to trigger meeting on specificcapture particular events,and packets criteria. andPackets can becapturedfilters WireShark. using and further exported Triggers analysis for Real constant bandwidtha pin and generate Foror Mbps. example,a cantheis set 100Gtheto link, linkuser iftraffic load50% with burst distributions. of can percentages bespecified line as Traffic rate, loads persecond, frames With well andTransmitting Differentat Rates Traffic Receiving attacktherefore ready. is generate a largetraffic a amounttowards singledestination of ping distributed of the (ping) address Request IP ICMPpacket Echo source and randomize it. lets the This user distributed can addFor combinations.a user modifier attackinstance,the with the various to modifiers can b range. The Networks Networks servers require constant to upgrades servers patch and benchmarking improve security. bugs Thus, - Time Analysis Time - to - - Use Files,Port Configuration Guidelines, Pcap and Examples defined traffic, users can select differentdefineddistribution, traffic, users bandwidth –
Global in Gigabit Price/PerformanceEthernet Leaders Testing ffer detailed information to and how configure attack DDoS eachDDoS about criteria expressions. canAND/OR bespecified using
e chained together that so attack aa simplecomplex into can grow vulnerable the As to cost ofmalicious attacksrise, attacks. g flood attack at 50attack at floodg Gbps. te and load accordingly. configurations to The ports
- by - step guides for users to for download. users guides step
-
increasing dependence dependence increasing –
constant (uniform) or (uniform) constant www.xenanetworks.com –
the ping floodthe ping
WHITE PAPER Xena
integrity. business and preserve continuitydetect business canthat ensure so flaws, companies t Going beyond generatingtest companies helps traffic, Xena DDoS learn and configureattack for DDoS streams testing. step features. also Xena ready provides network security with high delivers aXena complete testfor mitigation DDoS solution and Networks Networks heir to security products, andtest operators and networks - by - step guides and pcapstep examples guides toquickly help users –
Global in Gigabit Price/PerformanceEthernet Leaders Testing - performance products a
- to - use port configuration files, files, portuse configuration nd ample nd ample
– www.xenanetworks.com
WHITE PAPER