Traffic IQ Pro is a packet replay tool for security and
protocol recognition testing. It is used to test network and security devices
such as routers, switches, firewalls, content filtering systems and virus
protection systems. For testing a device, the tool uses traffic files that are
based on various exploits present in devices and operating systems. The files
are designed to enable authorized access to remote machines typically with the
access rights of the service being exploited. They are divided into four groups,
namely, Application Exploits, Malicious Traffic, Application Traffic and
Standard Protocol Traffic. Once the user has configured Traffic IQ for testing a
particular device, the tool attacks the device with the traffic files to find
out whether the device being tested is vulnerable to these exploits or not. It
also has a built-in command-line interface for scripting tests. In addition,
we can also add external third-party capture files to its testing library.
1. To perform a simple traffic replay attack on a device, click on the Traffic tab. Choose single or multiple traffic files, define the internal and external IP addresses and click on Play.
2. While the attacks are in progress, you can see the live adapter status as well as the live status of the traffic files. A description of the traffic files currently in use is also available.
3. Click on the Settings tab to define the time for packet expiry and the time delay between the traffic files during attacks.
4. Click on Reports to view the detailed report of the attacks executed.
The setup for testing a network device using Traffic IQ Pro
is easy. You can directly connect your device to the network. You also have the
option of connecting with either a single or two network cards. The traffic
files can be chosen according to the device being tested, i.e., while
testing a firewall or a router you can choose the Malicious Traffic group from the
groups tab, which contains traffic files for Denial of Service, application and
service exploits, whereas for an antivirus you can choose the Malware/Spyware
group. However, the flip side is that the traffic files cannot be updated
automatically, though you can import your own network capture files from
Ethereal, libpcap, TCPDump, etc. into the traffic library. In Traffic IQ Pro you can
also design the test scenarios, which can be saved for reference at a later
stage. These scenarios are designed under a Traffic Scan list which enables the
user to use traffic files from multiple locations. Once created, the list will
contain additional information indicating the selected entries and the
location of the traffic files.
While the tests are being done, the tool creates detailed
reports in two formats: Audit and Packet. The Audit report gives the start
time and date of the report, the traffic file name and the outcome of the
test. The Packet report, by contrast, produces additional information
related to each individual packet within the traffic files. While the attacks
are in progress you can also see live Traffic and Adapter status. The Traffic
status provides information about the type and the number of packets sent. A
description of the traffic file is also available. The Adapter status gives
only information about the packets sent.
5. To create a test scenario, click on the Scan tab and then on the Add tab. A window will pop up on your screen. You can also modify the scenarios later.
6. In the pop-up window, select the traffic files to be used during the attack. Assign IP addresses and ports of the internal and external machines. Click on Add to create a scenario.
7. To create a custom group for the attacks, right-click on the group window, browse to New and click on New group.
8. To add files to your newly created custom group, select the traffic file, right-click on the file and click on the Add to group option.
Swapnil Arora