Archive for IPS

Validating Application Detection Signatures

In the new world of next-generation networks, pretty much every leading network equipment manufacturer (NEM) today has application-awareness built into their products. Whether it’s an application firewall, serving gateway or edge router, they’re all using deep packet inspection (DPI) to look deep into the network traffic to identify the specific application.

For example, Cisco has Application Visibility & Control, Juniper has AppSecure, Palo Alto Networks has App-ID, Sandvine has Traffic Identification and Tellabs has Application Identification.

Each vendor has its own proprietary database of hundreds or thousands of application signatures, and on finding a match, its system can then take action based on the defined policy (e.g. block an application, apply QoS, etc.).

Before these new application signatures are released however, testing is needed to ensure the accuracy of the detection. One of the major challenges is to avoid the false positive, in which an application is misclassified.


Driving Real Application Traffic Through Junosphere Virtual Infrastructure

Today, Juniper announced Junosphere™ Lab, an innovative on-demand service that gives service providers and enterprises immediate and low cost access to a virtualized environment for designing and testing networks. Very cool stuff – leveraging the power of the cloud and helping customers dramatically reduce their TCO while accelerating the time to model networks.

Real Traffic in a Virtual Environment

So when you spin up a network environment and model a production topology, you’ll then need a way to create realistic application traffic to understand its impact across the network. That’s where we come in.

Mu Studio Performance has been integrated into the Junosphere Lab so you can just as easily spin up (and tear down) virtual instances of our performance testing solution to quickly and accurately recreate a mix of applications that represent the production environment – that is, real users on real devices, running real applications.


Ensuring the Accuracy of the Mu TestCloud Application Tests

In a previous blog I discussed how we had started to build out the test content for different kinds of applications across categories like P2P, video, chat and social media in our Mu TestCloud store. Fast-forward to today, and we’ve now got well over 2,000 tests, with coverage for hundreds of different apps. We’ve also got lots of customers who are actively using these ready-to-run tests for a wide range of use-cases – everything from verifying application detection signatures to validating application policies, as well as billing and charging.

But regardless of their domain, there are two common questions that customers are curious to understand:

1. How do we select the applications in the first place?
2. How do we ensure the accuracy of the tests?

So for this blog I’m going to give you a behind-the-scenes view into our test content creation process.


Creating an Application Mix to Model the Production Network

Video and P2P Rule!

The traffic making up today’s networks is in a rapid state of flux. Just last week Sandvine, in their Spring 2011 Global Phenomena Report, noted that real-time entertainment continues to increase, and within North America represents almost 50% of peak fixed access traffic (much of this of course is due to Netflix). P2P traffic also continues to carve out a sizeable piece of the pie at around 20%. The rest is a mix of voice, business apps, games, Facebook and chat.

What’s interesting though is that the relative amount of traffic that isn’t application-level is tiny – all the stuff that makes networks run like DNS, ICMP, BGP and so on.


Splits, handshakes and bananas

It doesn’t matter what business you are in, but #$*(‘ing with your customers by releasing advisories and threatening them into buying your product or services is just plain dumb. For those that are following the TCP-split-handshake epic #fail saga, I have to say, the vulnerability itself is a clever hack. By using double-SYNs or simultaneous connections (which are incredibly rare and non-existent on most modern networks), one can trick firewalls and IPSes into not tracking state. This is reminiscent of the original classic Insertion, Evasion and Denial of Service, which covered a lot of ground on the pitfalls of deconstructing application state in real time based entirely on the packets that are flowing through.


Mommy, Netflix is eating my firewall!

Personally, as a consumer, I love Netflix, but it hasn’t been the darling of service providers and ISPs lately. You can read about the Canadian ISP saga here. Our imminent next release of Mu Studio will enable our customers to recreate 1,000,000 concurrent Netflix users watching a movie, so they can understand the impact of their application-aware networks. One thing is pretty clear: compared to YouTube, Netflix inflicts so much more pain on the network. Credit for this blog goes to Yuri who did all the reverse engineering. And he’s signed up to Netflix to watch movies during work for “research” purposes. :)


Testing for Today’s Most Popular Apps…The Holy Grail of Testing?

I’ve been in the testing business for many years now and I’ve come across a lot of grandiose claims by test tool vendors with regards to features and capabilities that just sound too good to be true. And in many cases, they are.

When it comes to today’s world of smartphones and tablets and the explosive growth of web and mobile applications, it’s mind-blowing to see the sheer quantity of apps out there. If you look at the number of apps available today on just three of the leading app stores (Apple, Android and Facebook), there’s over a million applications, with tens of thousands of new ones every single month.


Attacks @ Scale

Last month we added a new space on TestCloud with thousands of known attacks as .msl templates. Some of you may recall that the secret behind the speed of test creation with Mu is in the way we can take in a wide variety of formats, including .pcap, .har and curl to name a few, and convert them into MuSL. So what we did was take another look at our known attack templates and make them available as .msl templates.

US Cert           secfocus                         SANS


Don’t use dumb packet-replay to test modern firewalls

I felt a déjà vu moment today when one of our customers came to us asking if we can help them test Outlook Exchange traffic through their firewall with ALG and NAT turned on. They had tried to re-purpose bit-blasters, load generators, open-source and commercial packet replay tools only to find that nothing was working. Way back when I was building the IDP at OneSecure, my pre-screen interview question was this:

If you only had an [ any, any, tcp/21, allow ] rule in your packet filter, why wouldn’t FTP uploads/downloads work?


Adobe JBIG2 Buffer Overflow

In case you haven’t seen this, it’s being exploited in the wild, with a number of blogs talking about the specific details of the vulnerability. It’s pretty serious because of the very large presence of the Acrobat Reader across a wide range of OSes.
