
How Secure are your Network Devices?

PCQ Bureau
Direct Hit!

Applies to: Network Administrators
USP: Testing network and security devices for exploits
Links: www.karalon.com
Google keywords: Network device testing

Traffic IQ Pro is a packet replay tool for security and protocol recognition testing. It is used to test network and security devices such as routers, switches, firewalls, content filtering systems and virus protection systems. To test a device, the tool uses traffic files that are based on various exploits present in devices and operating systems. The files are designed to enable authorized access to remote machines, typically with the access rights of the service being exploited. They are divided into four groups, namely Application Exploits, Malicious Traffic, Application Traffic and Standard Protocol Traffic. Once the user has configured Traffic IQ for testing a particular device, the tool attacks the device with the traffic files to find out whether the device being tested is vulnerable to these exploits. It also has a built-in command line interface for scripting tests. In addition, we can add external third-party capture files to its testing library.

1. To perform a simple traffic replay attack on a device, click on the Traffic tab. Choose single/multiple traffic files, define the internal and external IP addresses and click on Play.

2. While the attacks are in place, you can see the live adapter status as well as the live status of the traffic files. A description of the traffic files currently in use is also available.

3. Click on the Settings tab to define the time for packet expiry and the time delay between the traffic files during attacks.

4. Click on Reports to view the detailed report of the attacks executed.

Setting up Traffic IQ Pro to test a network device is easy. You can directly connect your device to the network. You also have the option of connecting with either a single or two network cards. The traffic files can be chosen according to the device being tested. For example, while testing a firewall or a router you can choose the Malicious Traffic group from the groups tab, which contains traffic files of Denial of Service, application and service exploits, whereas for an antivirus you can choose the Malware/Spyware group. However, the flip side is that the traffic files cannot be updated automatically, though you can import your own network capture files from Ethereal, libpcap, TCPDump, etc. into the traffic library. In Traffic IQ Pro you can also design test scenarios, which can be saved for reference at a later stage. These scenarios are designed under a Traffic Scan list, which enables the user to use traffic files from multiple locations. Once created, the list will contain additional information indicating the selected entries and the location of the traffic files.
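Before importing a third-party capture into the traffic library, it is worth confirming that the file really is a well-formed libpcap capture and seeing which address pairs it contains, which helps when choosing the internal and external IP addresses for a replay. The Python below is an added example, not part of the original article or of Traffic IQ Pro; the function names and the sample capture are constructed for illustration, and it handles only classic libpcap files with Ethernet/IPv4 frames.

```python
import struct
from collections import Counter
PCAP_MAGICS = {0xA1B2C3D4, 0xA1B23C4D}   # classic libpcap: microsecond / nanosecond

def summarize_pcap(data):
    """Return (packet_count, Counter{(src_ip, dst_ip): packets}) for a libpcap capture."""
    if len(data) < 24:
        raise ValueError("too short for a libpcap global header")
    for endian in ("<", ">"):            # byte order is inferred from the magic number
        if struct.unpack(endian + "I", data[:4])[0] in PCAP_MAGICS:
            break
    else:
        raise ValueError("not a classic libpcap file (pcapng is not handled here)")
    # Global header: magic, version major/minor, thiszone, sigfigs, snaplen, link type
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    if linktype != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled here")
    pairs, count, off = Counter(), 0, 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        off += 16
        if off + incl_len > len(data):
            raise ValueError("record %d runs past end of file" % (count + 1))
        frame = data[off:off + incl_len]
        off += incl_len
        count += 1
        # Ethernet II carrying IPv4: EtherType 0x0800, addresses at IP header bytes 12-19
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            src = ".".join(map(str, frame[26:30]))
            dst = ".".join(map(str, frame[30:34]))
            pairs[(src, dst)] += 1
    return count, pairs

def build_sample_pcap():
    """Constructed two-packet capture using documentation addresses (sample data only)."""
    def frame(src, dst):
        ip = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, 6, 0, 0]) + bytes(src) + bytes(dst)
        return b"\x00" * 12 + b"\x08\x00" + ip
    a, b = (192, 0, 2, 10), (198, 51, 100, 20)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (frame(a, b), frame(b, a)):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    total, pairs = summarize_pcap(build_sample_pcap())
    print(total, "packets;", dict(pairs))
```

A file that raises `ValueError` here is truncated, uses a different link type, or is not classic libpcap, and is better re-captured or converted before it goes into a test library.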


While the tests are being done, the tool creates detailed reports in two formats: Audit and Packet. The Audit report provides information related to the start time and date of the report, the traffic file name and the outcome of the test, whereas the Packet report produces additional information related to each individual packet within the traffic files. While the attacks are in progress you can also see the live Traffic and Adapter status. The Traffic status provides information about the type and the number of packets sent. A description of the traffic file is also available. The Adapter status gives only the information about the packets sent.

5. To create a test scenario, click on the Scan tab and then on the Add tab. A window will pop up on your screen. You can also modify the scenarios later.

6. In the pop-up window, select the traffic files to be used during the attack. Assign IP addresses and ports of internal and external machines. Click on Add to create a scenario.

7. To create a custom group for the attacks, right-click on the group window, browse to New and click on New group.

8. To add files to your newly created custom group, select the traffic file, right-click on the file and click on the Add to group option.

Swapnil Arora
