ISEAGE Traffic Generator • Senior Design Team sdmay19-39
This project provides a configurable tool for generating network traffic. This tool was designed with two main use cases in mind: Cyber Defense Competitions and Cyber Security Classes.
Cyber Defense Competitions
This tool increases the realism of the competition environment by varying and increasing the volume of traffic on the competition network. Without this tool, students attempting to secure services during the competition can assume that most of the traffic accessing their machines is malicious. Assumptions like that do not hold in the real internet, and it allows for unrealistic reaction time. By increasing the volume and type of traffic teams receive during the competition it is harder for them to know when they are being targeted by a the red team, their service is being used by the green team, or they are being sent traffic from this tool. In a competition setting the tool provides:
- Framework for network generation based on “tasks” - individual types of traffic that vary from competition to competition. An example of a “task” could be an ssh brute force attack, for example.
- Source address rewriting - the tool appears to be multiple machines on the network.
- Asynchronous task execution - multiple types of traffic can be sent to multiple targets at the same time
- Extensibility - There is an obvious path to add new types of traffic.
Cyber Defense Classes
In a classroom setting, the tool can be configured to provide “interesting” traffic for the students to examine. For example, the tool could be set up to produce traffic that would trip alarms on an internet detection system. This means that when students learn how about internet detection systems, they can see what it’s like when an alarm goes off, or when they learn about https they can have plenty of http packets to inspect in wireshark, etc.
Example Video
The video above shows the configuration of two tasks. The first task is a WGET task to simply pull two webpages from two different ip addresses. The second task is to generate traffic designed to set off alarms based off of a snort rule file. In both cases the tasks are set to have their source ip address changed. When the tool is ran you can see that packets have been generated with the correct targets and source ip address.