DDoS Testing with XM-2G Step by Step Guide

DDOS DEFINED
Distributed Denial of Service (DDoS)
Multiple compromised systems – usually infected with a Trojan – are used to target a single system causing a Denial of Service (DoS) attack.

DDoS – THE RISKS

DDoS – CHASSIS CONNECTION
1. Click “Add Chassis”
2. Insert Xena Management Port IP address
3. Insert password (Default = “xena”)
4. Click “OK”

DDoS – PORT RESERVATION
1. Choose the port to be used for the attack.
2. Click “Reserve Used Ports” to reserve the selected “Used” port.
3. Hide the other ports by checking “Show Only Used Ports”.

DDoS – SYN FLOOD
SYN Flood: a classic DDoS attack that rapidly sends large numbers of packets to a machine in an attempt to keep connections from being closed. The sending machine does not close the connection, and eventually that connection times out. If the attack is strong enough, it will consume all resources on the server and send the website offline.
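
The behaviour described above, seen from the side of the device under test (an added example, not part of the Xena guide): it counts unanswered SYNs held per destination until they time out, and shows why a per-source counter stays quiet when the source address is varied, as the guide does later with a Src IP modifier. The record format, thresholds, timeout and addresses are assumptions, and the capture is constructed.

```python
from collections import Counter, defaultdict

def sample_capture():
    """Constructed records: (ts, src, sport, dst, dport, flag); 'S'=SYN, 'A'=final ACK."""
    pkts = []
    for i in range(20):      # legitimate clients complete the handshake
        src = f"198.51.100.{i + 1}"
        pkts.append((i * 0.5, src, 40000 + i, "192.0.2.10", 80, "S"))
        pkts.append((i * 0.5 + 0.05, src, 40000 + i, "192.0.2.10", 80, "A"))
    for i in range(300):     # 300 SYNs in one second, varied sources, never ACKed
        src = f"203.0.113.{i % 254 + 1}"
        pkts.append((5.0 + i / 300, src, 1024 + i, "192.0.2.10", 80, "S"))
    return pkts

def peak_half_open(pkts, timeout=3.0):
    """Peak number of unanswered SYNs held per (dst, dport), as a backlog would hold them."""
    pending = defaultdict(dict)          # (dst, dport) -> {(src, sport): syn_ts}
    peak = Counter()
    for ts, src, sport, dst, dport, flag in sorted(pkts):
        slot = pending[(dst, dport)]
        for key in [k for k, t in slot.items() if ts - t > timeout]:
            del slot[key]                # half-open entry timed out
        if flag == "S":
            slot[(src, sport)] = ts      # new half-open connection
        elif flag == "A":
            slot.pop((src, sport), None) # handshake completed
        peak[(dst, dport)] = max(peak[(dst, dport)], len(slot))
    return peak

def detect(pkts, dst_threshold=100, src_threshold=20):
    """Return (sources over the per-source SYN limit, destinations over the half-open limit)."""
    syn_per_src = Counter(p[1] for p in pkts if p[5] == "S")
    noisy_sources = sorted(s for s, n in syn_per_src.items() if n >= src_threshold)
    flooded = sorted(d for d, n in peak_half_open(pkts).items() if n >= dst_threshold)
    return noisy_sources, flooded

if __name__ == "__main__":
    noisy, flooded = detect(sample_capture())
    print("sources over threshold:", noisy)        # per-source view sees nothing
    print("destinations over threshold:", flooded) # per-destination view flags the target
```
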

DDoS – SYN FLOOD
1. Right-click on the Attack port.
2. Click “Add Stream”

DDoS – SYN FLOOD
1. Go to “Stream Configuration Grid” tab.
2. Click “+”.
3. Click “Import”
4. Select TCP.Syn Pcap
5. Click “Open”
6. Click the first row
7. Click “OK”

DDoS – SYN FLOOD
1. Configure the D.MAC either by manually writing the address or by clicking the ARP button to ARP the GW configured for the port.

DDoS – SYN FLOOD
1. The 12B Raw header holds the TCP options and may be removed to generate smaller SYN packets. (Note that some devices might see that as an illegal TCP packet.)
2. The TID (20B) may be removed for the same reason, and because Packet Loss/Latency/Jitter… are not important in this test case scenario.

DDoS – SYN FLOOD
1. Select Rate – Pps recommended. (Rate can be configured as Bursty as well. Select Burst size and density – the Transmission Rate will become the Average rate.)
2. Select Packet Size Type. Packet size range: 60 B – 16,383 B.
3. Select the Payload Type. Random recommended.

DDoS – SYN FLOOD
1. Right-click on “Src IP Addr”
2. Click “Add Modifier”
3. Select # of Src IPs
4. Select Address Action (Random recommended)
5. Click “OK”.

DDoS – SYN FLOOD
1. To achieve 65K*4096 (~268.3M) addresses, add an additional Modifier configured as follows:

DDoS – SYN FLOOD
UDP Flood (Attached IPv6 DNS Query): A User Datagram Protocol Flood works by flooding ports on a target machine with packets that make the machine listen for applications on those ports and send back an ICMP packet.

DDoS – SYN FLOOD
IPv4 Fragment Overlap

DDoS – SYN FLOOD
IPv4(/UDP) Fragment Overlap
1. Add Streams with no TID.
2. Set port Tx Mode to: Sequential
3. Set Rate
4. Import Captured packets to: Streams

DDoS – PCAP FILES
1. Attached:
2. For additional Attacks/Malware traffic captures: www.netresec.com/?page=PcapFiles

RESOURCES
WANT MORE INFORMATION?
Wiki: wiki.xenanetworks.com
Website: www.xenanetworks.com/resources/
Email: [email protected]