Avalanche Vulnerability Testing (ThreatEx)
Avalanche Vulnerability Testing (ThreatEx) - Spirent Knowledge Base
Avalanche Vulnerability Testing (ThreatEx) - Spirent Knowledge Base
- No tags were found...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Avalanche</strong> <strong>Vulnerability</strong> <strong>Testing</strong> (<strong>ThreatEx</strong>)<br />
Customer Support Service<br />
Hotline: +86 400-810-9529<br />
Email: support@spirent.com
Table of Contests<br />
0 INFO ............................................................................................................................ 1<br />
1 VULNERABILITY OVERVIEW .................................................................................... 2<br />
2 KNOWLEDGE BASE UPDATE ................................................................................... 3<br />
3 ATTACK LISTS ........................................................................................................... 5<br />
4 DEFINE ATTACK LIST EDITOR ................................................................................. 6<br />
5 CONFIGURE ATTACK ................................................................................................ 8<br />
6 TEST RESULT .......................................................................................................... 10<br />
7 Q&A ........................................................................................................................... 12
<strong>Avalanche</strong> <strong>Vulnerability</strong> <strong>Testing</strong><br />
0 Info<br />
No. Date Author<br />
STC-L47-360-0405-01-EN Jan, 2011 By YSHEN<br />
KB_EN_AV_<strong>Vulnerability</strong> Jan, 2013 By YSHEN<br />
KB_EN_AV_<strong>Vulnerability</strong> 1
<strong>Avalanche</strong> <strong>Vulnerability</strong> <strong>Testing</strong><br />
1 <strong>Vulnerability</strong> Overview<br />
<strong>Avalanche</strong> <strong>Vulnerability</strong> feature support:<br />
‣ Standard Attack<br />
‣ Email Attack<br />
‣ VoIP Attack<br />
‣ Fuzzing Attack<br />
‣ Attack Knowledge Base (separate license)<br />
‣ Attack Designer (separate license)<br />
<strong>Avalanche</strong> <strong>Vulnerability</strong> support <strong>Avalanche</strong> 3.0 and later version, support all hardware which<br />
can support <strong>Avalanche</strong> application.<br />
Attack Knowledge Base is a 1-year-subscription service by which can get about 7000 attacks.<br />
Attack Designer is a tool by which you can define customization attacks.<br />
In <strong>Vulnerability</strong>, we have 3 kinds if attack:<br />
‣ Stateful attacks<br />
‣ Stateless attacks<br />
‣ Raw attacks<br />
KB_EN_AV_<strong>Vulnerability</strong> 2
<strong>Avalanche</strong> <strong>Vulnerability</strong> <strong>Testing</strong><br />
2 Knowledge Base Update<br />
After <strong>Avalanche</strong> installation, there are only about 20 attacks in the list. So please update<br />
knowledge base before testing.<br />
2.1 Configure path and access<br />
<strong>Avalanche</strong> GUIàToolsàProtocol and Attack Updates<br />
Username: AVVASYC, Password: spirent123<br />
KB_EN_AV_<strong>Vulnerability</strong> 3
<strong>Avalanche</strong> <strong>Vulnerability</strong> <strong>Testing</strong><br />
By default, you will get about 1600 attacks.<br />
If you have purchased Attack Knowledge Base update, please get username and password<br />
from Spirent Support.<br />
2.2 Run update<br />
Click “Go” button to begin the update process. It will take 1-2 hours depending on the network<br />
bandwidth.<br />
2.3 Update inside database automatically<br />
After update finished, all of attack xml files will be save under “%install path%\...\Layer 4-7<br />
Application\database\threatex\ThreatDB”.<br />
<strong>Avalanche</strong> will create an index file named “threat_cache.db” when you first run <strong>Vulnerability</strong><br />
after update. <strong>Avalanche</strong> will reload attacks if “threat_cache.db” file damaged or missed.<br />
<strong>Avalanche</strong> GUIàClientàAction, select “Attack Lists”, create a new attack list and clicks<br />
“Editor”, and confirm update in the follow pop window.<br />
KB_EN_AV_<strong>Vulnerability</strong> 4
<strong>Avalanche</strong> <strong>Vulnerability</strong> <strong>Testing</strong><br />
3 Attack Lists<br />
Create new Attack Lists, and select Editor button to edit it.<br />
<strong>Vulnerability</strong> test is to add action below action:<br />
THREATEX://ATTACK_LIST=your_attackList_name<br />
Users can create many lists, added into action when needed.<br />
Each list can include one or more attack.<br />
When there are more than 1 attack, <strong>Vulnerability</strong> will send it one by one.<br />
KB_EN_AV_<strong>Vulnerability</strong> 5
<strong>Avalanche</strong> <strong>Vulnerability</strong> <strong>Testing</strong><br />
4 Define Attack List Editor<br />
Attack List Editor GUI as below:<br />
:<br />
4.1 Test suites<br />
We have 3 kinds of test suite. Enable check box to select all under the branch which not<br />
recommended.<br />
‣ Email<br />
‣ Fuzzing<br />
‣ Standard<br />
‣ VoIP<br />
4.2 Attack list<br />
Users can select one or more attacks in the list.<br />
KB_EN_AV_<strong>Vulnerability</strong> 6
<strong>Avalanche</strong> <strong>Vulnerability</strong> <strong>Testing</strong><br />
4.3 Attack variable<br />
Attack variable: It only affects for each attack<br />
4.4 Suites variable<br />
Suites variable It can only affects the attacks in the current suite.<br />
4.5 Global variable<br />
Global variable has highest priority; it affects all attack value in the test.<br />
4.6 Attack filter<br />
To use filter, find the attacks quickly.<br />
4.7 Save<br />
Please save Attack List and exit editor.<br />
KB_EN_AV_<strong>Vulnerability</strong> 7
<strong>Avalanche</strong> <strong>Vulnerability</strong> <strong>Testing</strong><br />
5 Configure attack<br />
5.1 Stateful attack<br />
When run a stateful attack, must include stateful attacks on client, and create <strong>ThreatEx</strong>TCP<br />
type server on server side.<br />
Note to change the server port accord with client attack port variable, this is very<br />
important.<br />
5.2 Stateless attack<br />
When run a stateful attack, must include stateless attacks on client, and create <strong>ThreatEx</strong>UDP<br />
type server on server side.<br />
Note to change the server port accord with client attack port variable, this is very<br />
important.<br />
KB_EN_AV_<strong>Vulnerability</strong> 8
<strong>Avalanche</strong> <strong>Vulnerability</strong> <strong>Testing</strong><br />
5.3 RAW attack<br />
When run a RAW attack, must include RAW attacks on client. We do not need add any attack<br />
server on the server side.<br />
We suggest not set up any kind of server with the same port which RAW attack attacking.<br />
KB_EN_AV_<strong>Vulnerability</strong> 9
<strong>Avalanche</strong> <strong>Vulnerability</strong> <strong>Testing</strong><br />
6 Test Result<br />
Under Client Summaryà<strong>ThreatEx</strong> Summary, we can find the test result.<br />
Under Server Summaryà<strong>ThreatEx</strong> (TCP/UDP) Statistics, we can find the test result on server<br />
KB_EN_AV_<strong>Vulnerability</strong> 10
<strong>Avalanche</strong> <strong>Vulnerability</strong> <strong>Testing</strong><br />
Note: <strong>Avalanche</strong> count the sent attack number only on client side.<br />
You will need enable “Enable Attack Real Time Statistics” under RunàConfigure to get<br />
threat real time result.<br />
KB_EN_AV_<strong>Vulnerability</strong> 11
<strong>Avalanche</strong> <strong>Vulnerability</strong> <strong>Testing</strong><br />
7 Q&A<br />
Q1. Why there is no test result on server side in a Stateless test?<br />
Server side only counts Stateful attack.<br />
Q2. Why there is no count in RUN page?<br />
<strong>Vulnerability</strong> does not count RAW attack. Need check in result.<br />
Q3. What type should we use in Load Specification?<br />
SimUsers/sec is suggested.<br />
Q4. How to get support?<br />
Access Spirent support with tester SN by:<br />
Global Email: support@spirent.com<br />
CSC website: http://support.spirent.com<br />
KB_EN_AV_<strong>Vulnerability</strong> 12