IxLoad-Attack TM : Network Security Testing IxLoad-Attack tests network security appliances to validate that they effectively and accurately block attacks while delivering high end-user quality of experience (QoE) for mission-critical applications. IxLoad-Attack tests the wide range of network security appliances for both wired and wireless networks, including: Next-generation firewalls Intrusion detection and prevention systems (IDS/IPS) Anti-virus, anti-spam, and URL filters VPN gateways IxLoad-Attack delivers the security testing depth and scale needed to satisfy both device validation and continuous protection of cloud infrastructures, as well as enterprise, government, and service provider networks. IxLoad-Attack is the only product that provides malicious traffic over both encrypted and non-encrypted links. It runs in parallel with all other IxLoad functions. Customized, real-world network traffic provides the "good" reference traffic that security devices must forward without affecting customer QoE. Many security devices require frequent software updates to provide up-todate protection. To keep pace with current threats IxLoad-Attack includes a bi-weekly update service. Key IxLoad-Attack features include: 20,000 unique live security attacks, the most comprehensive solution targeting known vulnerabilities Automatic updates via a subscription service Millions of attack permutations enabled by multiple evasion techniques Comprehensive coverage for published Microsoft vulnerabilities Line-rate distributed denial of service (DDoS) attacks over 1GE, 10GE, and 40GE interfaces Converged real-world application traffic mix with fully-stateful voice, data, and video emulations Mix of legitimate and malicious traffic on the same ports Evaluation of security effectiveness, detection accuracy, performance benchmarking, and service availability Continual updates backed by security research from two industry pioneers Delivery of attacks over IPsec tunnels for security and performance testing of VPNs and LTE security gateways Wireless attack delivery via generic tunneling protocol (GTP) 26601 Agoura Road Calabasas, CA 91302 USA Tel + 1-818-871-1800 www.ixiacom.com Document No.: 915-1787-01 Rev F April 2014 - Page 1
Features and Specifications Figure 1 - High-Level Vulnerabilities and DDoS Attacks Feature Category Detailed Description Published Vulnerabilities and Malware 20,000+ vulnerabilities and malware Highest coverage of Microsoft vulnerabilities Subscription service with online and offline malware and vulnerabilities updates Measures security effectiveness Emulates attacks over IPv4, IPv6, and IPsec Comprehensive attack metadata Multiple attack evasions Packet capture using IxLoad s embedded Analyzer Attacker/server-initiated attacks Target/client initiated attacks (client-based attacks) Multiplay Voice, Video, Data, and Wireless Protocol Support Internet: HTTP, P2P, FTP, SMTP, POP3, DNS, and CIFS Video: IGMP, RTSP, Adobe Flash Player, Microsoft Silverlight, Apple HLS, MPEG2, and H.264/AVC Voice: SIP, MGCP, H.323, H.248, Cisco Skinny, FAX over IP, video conferencing, and PSTN Wireless: 3GPP packet core protocols used by GGSNs Page 2
Feature Category Detailed Description DDoS General Features Both IPv4 and IPv6 Botnet and target emulation Attacks against live servers Attacks against intermediate devices Emulation of large botnets with millions of unique IP addresses Line rate attacks over 1GE, 10GE, and 40GE interfaces Mix of voice, data, video, and DDoS traffic on same port Mix multiple attack patterns on same port Attacks initiated from spoofed IPs or real IPs Attack rate and attack throughput test objectives DDoS - Patterns ARP Attacks ARP Flooding ICMP Attacks Fragmented ICMP Host Unreachable Nuke attack Ping of Death attack Ping Sweep attack TIDCMP attack UDP Attacks DNS Flooding attack Evasive UDP attack UDP Flooding attack UDP Port Scan attack UDP Fragments attack TCP Attacks TCP ACK Flooding TCP SYN Flooding TCP FIN Flooding TCP RST Flooding TCP Land attack TCP Port scanning attack TCP SYN/ACK Flooding TCP Xmas tree attack IP Attacks Malformed IP Options attack Nestea attack Short Fragment Teardrop IGMP Attacks Fragmented IGMP attack IGMPSYN Flooding Page 3
Statistics Function Statistics DDoS Published Vulnerabilities and Malware Attack counters Attack rates Attack throughput Per attack counters Per attack rates Per attack throughput Drill down per port, attack, and network Attack counters Attack rates Attack packet counters Attacks Packets Sent/Received/ Not Received Attack packet rates Packets per second Sent/Received/Not Received Attack throughput Per attack counters Attacks - distribution by year Attacks - distribution by vendor Attacks - distribution by severity Attacks - distribution by category Attacks - distribution by threat type Attacks - distribution by evasion class Drill down per port Drill down per attack Drill down per network Page 4
Ordering Information Part Number Description 925-3344 IxLoad-ATTACK-2012, Software Bundle, Layer 4-7 Performance Test Application; includes: ADVNET-DHCP 925-3601 IXLOAD, SUBSCRIPTION-VULNERABILITIES 925-3602 IXLOAD, VULNERABILITIES-MALWARE-K 925-3603 IXLOAD, VULNERABILITIES-MALWARE-T 925-3606 IXLOAD, DDoSv2-BASE 925-3607 IXLOAD, PVM-BASELINE-TRAFFIC 932-0101 Analyzer Server, Base Software, Chassis Component, Packet Capture, View and Analysis 932-0102 Analyzer, Client, Base Software, Media player tools, Node-Locked License 925-5344 IxLoad CPD-ATTACK-2012, Software Bundle, Layer 4-7 Performance Test Application for the Appliance; includes: 925-5115 IXLOAD-ADVNET-DHCP 25-5601 CPD-SUBSCRIPTION-PVM 925-5602 CPD-VULN-AND-MALWARE-K 925-5603 CPD-VULN-AND-MALWARE-T 925-5607 CPD-PVM-BASELINE-TRAFFIC 932-0101 Analyzer Server, Base Software, Chassis Component, Packet Capture, View and Analysis 932-0102 Analyzer, Client, Base Software, Media player tools, Node-Locked License Page 5