Application and Threat Intelligence (ATI) Blog

Often, the most informative blog posts come from our team in the field, which is why I’m writing today. We were engaged in a professional services project recently, when a customer relayed the details of a pricey lesson learned at a large mobile carrier. We are sharing the story in the hope that it might help other organizations avoid this costly mistake.

The BreakingPoint Storm CTM is a highly effective tool for generating massive amounts of load to test your web services infrastructure. You can leverage this capability to generate both legitimate and nefarious traffic in order to simulate an application layer Denial of Service (DoS) attack. In this blog post, we will step through the generation of a realistic attack scenario which can be used to evaluate your web infrastructure’s resiliency, especially that of DDoS mitigation systems. Also, If you’d like to try this for yourself, simply download the ATI update released today (68714) and open up the tests prefixed "Blog Post 2010-08-20 DDoS".

Today, we have released ATI Update 68714 for the BreakingPoint Storm CTM 2.0 operating system, as well as updates for 1.5 (ATI Update 68717) and 1.2 (ATI Update 68715). This update contains 4 new strikes, including Microsoft coverage from this month. In addition, numerous performance enhancements have been added to appsim, along with new functionality for LDAP and Radius.

In order to meet the high expectation of the IPv6 network and service quality, and deal with the reality of dual stack IPv4/IPv6 traffic organizations are looking for an efficient, realistic and scalable tool to measure the impact of dual stack traffic. Their ability to measure the performance, security and stability of any network handling IPv4/IPv6 traffic will directly determine if the launch of any IPv6 based network and service is successful.

Used in a security context, the term sandbox refers to a mechanism used to segregate untrusted processes in such a way that renders the process harmless. There has been a lot of talk about sandboxes recently and it seems like more and more of the big applications are starting to use them. Sandboxes sound great. In fact, they are great. If an attacker is able to compromise an application that is running in a sandbox, the sandbox can make it very difficult for him to be able to do anything useful, even though he can execute arbitrary code. People are not perfect, however, and thus the sandboxes people create can't purposefully be perfect. That being said, existing sandbox implementations are quite robust and have excellent ideas.  One of the most popular sandboxes is the one found in Google Chrome, which I have learned a lot about over the past few months.

Today, we have released ATI Update 68404 for the BreakingPoint Storm CTM 2.0 operating system, as well as updates for operating systems 1.5 (ATI Update 68387) and 1.2 (ATI Update 68399). This ATI Update includes 10 new strikes as well as improvements to the HTTP, TR-069, and SIP protocols. Each of these application enhancements continues our mission of protocol realism.

Lawful intercept systems utilize technology such as deep packet inspection (DPI) to electronically monitor packet-level communications. As such, they must be able to inspect not only packet headers and footers but also the communication payload where the message contents are carried. Deploying, configuring, and maintaining lawful intercept systems can be a huge challenge for network and IT administrators as network speeds and traffic volume increase, particularly since there is simply no room for errors or latency.

If you've been reading this blog for the past few weeks, you're already aware of the extremely rapid development cycle we're following as we add capabilities to our product for simulating Long Term Evolution (LTE) networks. (If you're not, or if you just want a refresher on what's at stake and why LTE is important, check out Dennis's post explaining this development cycle.) My part of this project involves our support for S1AP, a control-plane signaling protocol that handles wireless network traffic between two key parts of LTE networks, the eNodeB and the MME. As Dennis put it in the post I just cited, "Think of eNodeB as comprising all the communications architecture that makes LTE possible, including communications between the tower, the SGW (Service Gateway) and the MME (Mobility Management Entity), which is the main signaling node that deals with registration and a lot more."