BreakingPoint Systems (BPS测试仪学习)

1、日程安排,设备管理 测试配置 网络配置 三层测试(Routing Robot) 四层测试(Session Sender) 七层单协议测试(Appsim) 七层多协议测试(Appsim) 安全攻击测试 L4 Replay Capture settings (Recreate) L4 Replay User settings (Recreate),HomePage,On the Homepage you can access menus via left or top menu bar :,4,On the Homepage you can access menus via left or top

2、 menu bar :,Administration,Administration,In the Administration section you will be able to : Perform basic system functions (Build reverts, test exports) Manage users Manage routes (management) Update the unit with OS or strikepack updates View logs Expunge database,Administration,Perform basic sys

3、tem functions (Build reverts, tests export) :,Administration,Manage users,Administration,Manage routes (management),Administration,Update the unit with OS or strikepack updates,Administration,After clicking “Update” you will be prompted to upload an update file on the unit, brows to your local copy

4、of the update file and select it :,Administration,View logs,Administration,Expunge database,Administration Exercise,Create a user account for every person in this room,Network Neighborhood,Network Neighborhood,Network Neighborhood lets you define the topology of the test.,Each Interface can have mul

5、tiple domains (usable per component) Each domain can have multiple subnets.,Network Neighborhood,Subnets are mapped to logical port reservation.,Network Neighborhood,This allows good flexibility if you want to change physical connections.,Network Neighborhood,Switching topology,Network Neighborhood,

6、Create a new Network Neighborhood,Network Neighborhood,Configure the first domain of first interface (default) with appropriate IP addresses according to the topology.,Network Neighborhood,Configure the first domain of second interface (default) with appropriate IP addresses according to the topolog

7、y.,Network Neighborhood,Routing Topology using 2 Virtual Routers,Network Neighborhood,Save the previous Topology to a new one to save time :,Network Neighborhood,Configure the first domain of first interface (default) with appropriate IP addresses according to the topology.,Network Neighborhood,Conf

8、igure the first domain of second interface (default) with appropriate IP addresses according to the topology.,Network Neighborhood Exercise,Create the 5 network neighborhoods using the above slides : Switching topology Routing topology with 2 Virtual Routers,L3 Module (Routing Robot),L3 Module,Go to

9、 the Storm homepage and select “New Test” in the “Test” menu bar :,L3 Module,Step 1 : Choose Network topology and IP configuration. You can create your own topology In this example we will choose “BreakingPoint Switching”,L3 Module,Step 2 : Choose a test component that will define the type of traffi

10、c you will be able to run In this example we will choose the Routing Robot,L3 Module,Test component is configurable with bottom tabs. Information tabs let you specify a name and a description for the component. This can be useful for reporting,L3 Module,Interfaces tab lets you configure what physica

11、l ports will be used in the test Ports order can be changed easily with “Device Status”, available on the top-right corner of the GUI.,L3 Module,Presets tab lets you choose between several components configuration presets Configuration will be automatically applied on the Parameters tab,L3 Module,Pa

12、rameters tab is the heart of the test component. The list of available parameters is displayed in the pane #1 The selected parameters to be modified are displayed in pane #2,#2,#1,L3 Module,Test Duration defines the duration of the test in seconds, frames or packets : Payload type defines the conten

13、t of packets,L3 Module,Datarate lets you define bandwidth and load profile:,L3 Module,Size Distribution lets you define the frame/packet size :,L3 Module,Step 3 : the test criteria is target for the test, it will be calculated at the end of the test and will deliver a pass/fail value. Default test c

14、riterias can be deactivated. It is possible to set multiple test criterias, results will be available in the report,L3 Module,Step 4 : once test is ready, click on Save and Run. Give the test a name and Realtime stats will be displayed,L3 Module,Test Duration Layer tabs Graph Follow or freeze time,L

15、3 Module,At the end of the test, Test criteria window will appear and you will have several options Go back to the test configuration View the report Restart the test,L3 Module,The report can be exported to multiple formats,L3 Exercise,Create a test for each frame size of RFC2544 : 64 bytes 128 byte

16、s 256 bytes 512 bytes Run each test and save a report, make sure the frame size was correct.,1024 bytes 1280 bytes 1518 bytes 9126 bytes (Jumbo Frames),L4 TCP Module (Session Sender),L4 TCP Module,Create a new test and select a Neighborhood :,L4 TCP Module,Create a new test and select a Neighborhood

17、 :,L4 TCP Module,The TCP module has many settings in the Parameters tab :,L4 TCP Module,Payload can be defined by presets or by user Payload size can be fixed, range or random “Packet per session” defines the number of packets inside each TCP session,L4 TCP Module,Maximum simultaneous sessions and s

18、essions/s are used as constraints and also for steady phase,L4 TCP Module,Sessions setup behavior is defined in 3 steps (Ramp Up, Steady, Ramp Down) RampUp can be calculated (straight) or divided in stair steps,L4 TCP Module,Client,Server,SYN,SYN/ACK,ACK,Ramp Up behavior,L4 TCP Module,Client,Server,

19、SYN,SYN/ACK,ACK,PAYLOAD,Ramp Up behavior,L4 TCP Module,Client,Server,SYN,SYN/ACK,ACK,PAYLOAD,FIN,FIN/ACK,ACK,Ramp Up behavior,L4 TCP Module,Client,Server,SYN,SYN/ACK,Ramp Up behavior,L4 TCP Module,Client,Server,SYN,Ramp Up behavior,L4 TCP Module,Client,Server,FIN,FIN/ACK,ACK,Ramp Down behavior,L4 TC

20、P Module,Client,Server,FIN,FIN/ACK,Ramp Down behavior,L4 TCP Module,Client,Server,RST,Ramp Down behavior,L4 TCP Module,Client,Server,RST,Ramp Down behavior,L4 TCP Module,You can also specify source and destination ports (fixed, random, range) TCP retry mechanism can be customized,L4 TCP Module,Save

21、and Run the test, you will be able to accurately measure TCP behavior :,L4 TCP Module,Save and Run the test, you will be able to accurately measure TCP behavior :,L4 TCP Module,The final report contains all test statistics:,L4 TCP Exercise,We will configure a 30 seconds Ramp Up with Stair Steps We w

22、ant 10 equal steps to fit in this duration and the maximum load is 10 000 sessions/seconds The Ramp Up phase must simulate full cycle TCP sessions The Steady duration must be at least 30 seconds There is no limit for open connections or data rate or TCP ports The payload must be at least 3K of rando

23、m data,L 7 Module Single protocol (Appsim),L7 Module Single protocol,Create a new test and select a Neighborhood :,L7 Module Single protocol,Select Application Simulator Component :,L7 Module Single protocol,Application Simulator is similar to Session Sender module The difference is that Application

24、 Simulator will use an Application Profile for Payload Application profiles can be defined in Application Manager,L7 Module Single protocol,Click on the Application Manager in the Managers menu :,L7 Module Single protocol,An Application profile is a group of one or more protocols called Superflows,L

25、7 Module Single protocol,A Superflow is a highly configurable set of actions for a given protocol Here is an example of HTTP transaction :,L7 Module Single protocol,Each action can be configured for more realism :,L7 Module Single protocol,Lets start by copying a default HTTP superflow From BPS pres

26、ets and create the associated Application Profile. First we create the Superflow from a preset (Save as) :,L7 Module Single protocol,Now we create the Application Profile to use the Superflow :,L7 Module Single protocol,The final step in Application Manager is to associate HTTP Superflow with HTTP A

27、pplication Profile :,L7 Module Single protocol,Go back to the test configuration and configure the load Profile the same way as the L4 test (make sure transaction rate and payload size will not overload interfaces capacity),L7 Module Single protocol,Select the right Application Profile and run the t

28、est,L7 Module Single protocol,Realtime statistics gives you a view on application transactions :,L7 Module Single protocol,The final report contains more information on protocols :,L7 Exercise,Create a L7 test using a copy of an existing Application Profile, and use the appropriate session rate to r

29、each 500 Mbps,L7 Module Mix protocols (Appsim),L7 Module Mix protocols,Create a new test and select a Neighborhood :,L7 Module Mix protocols,Select Application Simulator Component :,L7 Module Mix protocols,Application Simulator is similar to Session Sender module The difference is that Application S

30、imulator will use an Application Profile for Payload Application profiles can be defined in Application Manager,L7 Module Single protocol,For this example we will create an application profile using existing Superflows (presets) :,L7 Module Single protocol,Creating a Mix of protocols wan be done by

31、adding superflows to the same Application Profile:,L7 Module Single protocol,Select the right Application Profile in Test configuration,L7 Module Single protocol,Realtime statistics shows each protocol transaction rate :,L7 Module Single protocol,Application Simulator reports include Protocol distri

32、bution and per protocol stats,L7 Exercise,Create a Mix of Protocols using Default superflows with following protocols and distribution : FTP (Weight:200) Hotmail (Weight:75) HTTP Text (Weight:75) LDAP (Weight:10) MSN IM Chat (Weight:30) Use an appropriate Load profile not to overload Interfaces capa

33、city,NNTP (Weight:50) POP3-Advanced (Weight:25) IMAPv4 Advanced (Weight:25) NFS (Weight:100) HTTPS (Weight:10),Security Test,Security Test,Go to the Storm homepage and select “New Test” in the “Test” menu bar :,Security Test,Step 1 : Choose Network topology and IP configuration. In this example we w

34、ill choose “Switching”,Security Test,Step 1 : Choose Device under test monitoring scripts. In this example we will choose “SSH_FW1”,Security Test,Step 2 : Choose a test component that will define the type of traffic you will be able to run In this example we will choose the Security component,Securi

35、ty Test,For now, save the test for future use,Security Test,Go to the Strike list in “Managers” tool bar,Security Test,Strike list contains all strikes available in Storm with CVE,BID references and also BPS internal ID,Strike list can be filtered using combination of keywords Restrict search to the

36、 current Strike list Smart Strike list will include automatically new strikes from Strikepacks,Security Test,Internal ID are based on type and date of attack,E09 : All exploits of 2009 E10 : All exploits of 2010 D10 : All Denials of 2010,Security Test,You can include protocols and traffic direction

37、in filter by using right click,Security Test,Right click on the final search list and select “Add all results” to include attacks in the strike list You can record multiple searches in a strike list,Security Test,Once you have made your selection, select “Save as” under “Strike list” menu,Security T

38、est,Go back to the test using the arrow,Security Test,Select the previously created list :,Test duration is calculated according to the number of strikes in the list,Security Test,Attacks are sent one after the other every second but you can limit the Attack rate,Using 0.1 will send 1 attack every 1

39、0 seconds MaxPacket per second is the packet rate limitation, using 10 will limit the packet rate to 10 packets/s Timeout occurs if a segment has not crossed the DUT,Security Test,Attack retries occurs after timeout,Random seed will affect payload creation, keep the same seed to repeat exact test sc

40、enario Attack plan Iteration is the number of times the test will be repeated,Security Test,Evasion profile is based on the list of selected strikes. Evasions are protocol specific weakness that can make the strike more complicated to detect Evasion techniques are used by hackers to bypass usual sec

41、urity checks,Security Test,Storm contains many evasion settings for different protocols, you can customize,the evasions and create your own list of evasions,Security Test,Save and Run the test, you can follow attacks blocking in the realtime statistics,Security Test,Final report include strikes clas

42、sification and passed/blocked status for every strike,Security Test,The report contains detailed information about each strike status,Security Test,It is also possible to simulate attacks using regular components Create a test with Session Sender component :,Security Test,Configure the Rampup phase

43、with SYN Only and set both Steady and RampDown phases to 0 seconds. You can also configure “Calculated” or “Stair Step” RampUp type,Security Test,Save and Run the test,Security Test,In Realtime stats we see only attempted connections,Security Test,You can mix SYN Flood with strike component,Security

44、 Test Exercise,Create a Strike list with HTTP client side attacks and IP fragmentation (24 bytes) as evasion technique Create a Strike list with only Microsoft SMTP attacks from 2008 to 2010. Add all POP3 attacks Add all IMAP attacks Add a SYN Flood Component Add a L7 component to simulate realistic

45、 traffic Add a L3 component to simulate background noise,L4 Replay Capture settings (Recreate),L4 Recreate,Create a new test and select a Neighborhood :,L4 Recreate,Select the Recreate Component :,L4 Recreate,Click “Import” link in the Capture file pane of the Parameters Tab:,L4 Recreate,You can choose a capture file on your local computer, this file must contains at least one valid TCP or UDP session:,L4 Recreate,You can recreate the traffic with the same settings (