Avalanche Vulnerability Testing (ThreatEx)

Avalanche Vulnerability Testing (ThreatEx) 

Customer Support Service 

Hotline: +86 400-810-9529 

Email: support@spirent.com

Table of Contests 

0 INFO ............................................................................................................................ 1 

1 VULNERABILITY OVERVIEW .................................................................................... 2 

2 KNOWLEDGE BASE UPDATE ................................................................................... 3 

3 ATTACK LISTS ........................................................................................................... 5 

4 DEFINE ATTACK LIST EDITOR ................................................................................. 6 

5 CONFIGURE ATTACK ................................................................................................ 8 

6 TEST RESULT .......................................................................................................... 10 

7 Q&A ........................................................................................................................... 12

Avalanche Vulnerability Testing 

0 Info 

No. Date Author 

STC-L47-360-0405-01-EN Jan, 2011 By YSHEN 

KB_EN_AV_Vulnerability Jan, 2013 By YSHEN 

KB_EN_AV_Vulnerability 1


1 Vulnerability Overview 

Avalanche Vulnerability feature support: 

‣ Standard Attack 

‣ Email Attack 

‣ VoIP Attack 

‣ Fuzzing Attack 

‣ Attack Knowledge Base (separate license) 

‣ Attack Designer (separate license) 

Avalanche Vulnerability support Avalanche 3.0 and later version, support all hardware which 

can support Avalanche application. 

Attack Knowledge Base is a 1-year-subscription service by which can get about 7000 attacks. 

Attack Designer is a tool by which you can define customization attacks. 

In Vulnerability, we have 3 kinds if attack: 

‣ Stateful attacks 

‣ Stateless attacks 

‣ Raw attacks 



2 Knowledge Base Update 

After Avalanche installation, there are only about 20 attacks in the list. So please update 

knowledge base before testing. 

2.1 Configure path and access 

Avalanche GUIàToolsàProtocol and Attack Updates 

Username: AVVASYC, Password: spirent123 



By default, you will get about 1600 attacks. 

If you have purchased Attack Knowledge Base update, please get username and password 

from Spirent Support. 

2.2 Run update 

Click “Go” button to begin the update process. It will take 1-2 hours depending on the network 

bandwidth. 

2.3 Update inside database automatically 

After update finished, all of attack xml files will be save under “%install path%\...\Layer 4-7 

Application\database\threatex\ThreatDB”. 

Avalanche will create an index file named “threat_cache.db” when you first run Vulnerability 

after update. Avalanche will reload attacks if “threat_cache.db” file damaged or missed. 

Avalanche GUIàClientàAction, select “Attack Lists”, create a new attack list and clicks 

“Editor”, and confirm update in the follow pop window. 



3 Attack Lists 

Create new Attack Lists, and select Editor button to edit it. 

Vulnerability test is to add action below action: 

THREATEX://ATTACK_LIST=your_attackList_name 

Users can create many lists, added into action when needed. 

Each list can include one or more attack. 

When there are more than 1 attack, Vulnerability will send it one by one. 



4 Define Attack List Editor 

Attack List Editor GUI as below: 

: 

4.1 Test suites 

We have 3 kinds of test suite. Enable check box to select all under the branch which not 

recommended. 

‣ Email 

‣ Fuzzing 

‣ Standard 

‣ VoIP 

4.2 Attack list 

Users can select one or more attacks in the list. 



4.3 Attack variable 

Attack variable: It only affects for each attack 

4.4 Suites variable 

Suites variable It can only affects the attacks in the current suite. 

4.5 Global variable 

Global variable has highest priority; it affects all attack value in the test. 

4.6 Attack filter 

To use filter, find the attacks quickly. 

4.7 Save 

Please save Attack List and exit editor. 



5 Configure attack 

5.1 Stateful attack 

When run a stateful attack, must include stateful attacks on client, and create ThreatExTCP 

type server on server side. 

Note to change the server port accord with client attack port variable, this is very 

important. 

5.2 Stateless attack 

When run a stateful attack, must include stateless attacks on client, and create ThreatExUDP 

type server on server side. 

Note to change the server port accord with client attack port variable, this is very 

important. 



5.3 RAW attack 

When run a RAW attack, must include RAW attacks on client. We do not need add any attack 

server on the server side. 

We suggest not set up any kind of server with the same port which RAW attack attacking. 



6 Test Result 

Under Client SummaryàThreatEx Summary, we can find the test result. 

Under Server SummaryàThreatEx (TCP/UDP) Statistics, we can find the test result on server 



Note: Avalanche count the sent attack number only on client side. 

You will need enable “Enable Attack Real Time Statistics” under RunàConfigure to get 

threat real time result. 



7 Q&A 

Q1. Why there is no test result on server side in a Stateless test? 

Server side only counts Stateful attack. 

Q2. Why there is no count in RUN page? 

Vulnerability does not count RAW attack. Need check in result. 

Q3. What type should we use in Load Specification? 

SimUsers/sec is suggested. 

Q4. How to get support? 

Access Spirent support with tester SN by: 

Global Email: support@spirent.com 

CSC website: http://support.spirent.com

Avalanche Vulnerability Testing (ThreatEx)

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?