A large portion of global networks, such as the Internet, and local networks as well are packet networks that use the Internet protocol. In response to the increase of malware and network-based attacks, the use of security devices such as firewalls, intrusion detection devices, and malicious traffic detection devices has increased. Before these network security devices can block malicious packets, they must first identify the packets as malicious, either based on the packet source or the packet contents.
Knowing this, sources of malicious traffic have discovered that some network security devices become confused and unable to properly identify packets as having malicious content if those packets are fragmented and then reordered, resent as duplicates, and/or resent as nulls. Some network security devices are unable to properly identify malicious content within packets that have been deliberately fragmented into packets which overlap each other. Thus, makers of network security devices desire the ability to test their devices' effectiveness against attacks that use these IP fragmentation evasion techniques. Therefore, there exists a need for test equipment that can generate data traffic that replicates these IP fragmentation evasion techniques.
Furthermore, the IP fragmentation evasion techniques are not mutually exclusive of each other. For example, a source of malicious traffic may break the packet that contains the malicious payload into fragments, some or all of which may overlap other fragments, and also reorder those fragments, and also resend some or all of the fragments as duplicates, and also resend some or all of the fragments as nulls. As a result, a network security device must be able to robustly handle a dizzying array of scenarios, each scenario having a different mix of packets that are received by the network security device in different orders and having different content. Thus, makers of network security devices desire the ability to test their devices' effectiveness against all possible combinations of these (and other) IP fragmentation evasion techniques.
Accordingly, there exists a need for methods, systems, and computer readable media for combining IP fragmentation evasion techniques.