Gibson Research Corporation Proudly Discloses

The ASSIMILATOR

Rapidly Assimilates the Actual Security Capability
of any Internet Appliance, Computer, or Device.


Our One-of-a-Kind Internet Torture Test Device:

The Birth of The ASSIMILATOR

Several weeks before I conceived and built this cool little Internet Nightmare, I met with representatives of SOHOware. Their company was preparing to introduce a "Secure Cable/DSL Router" for the home/small office market. For all intents and purposes, the features of this little NAT router appeared to be identical to the well-established and popular Linksys router (among others): One 10-baseT WAN port with NAT routing to a four-port 10/100 switch, expandable to 253 users, Web browser-based configuration, etc., etc. Same old story, right? It was even priced the same.

But this router's distinguishing feature was that rather than merely stating that it had "firewall like" features — which is inherently true of any NAT router — SOHOware calls their router "secure" because it incorporates a full, stateful packet inspection firewall, explicit Denial of Service management technology, and the ability to send eMail reports in the event of external intrusion attempts. Of course, all that sounds really cool. And all other things being equal (like the price, which is), who wouldn't rather use a "secure Cable/DSL router" if given the choice? But how do we actually know that these are useful features? How do we know what any of that really means?

When Car & Driver Magazine tests a new car, they certainly start by reading the car's specifications. However, specifications only tell part of the story and a car's specs might actually relate poorly to the needs of the real world out on the road. As the old saying goes: "Specifications can lie." So, Car & Driver takes every car out onto a test track to put it through its paces. They push the car to its limits — and beyond — to find out exactly what it can really do.

Shouldn't we do the same with our
Internet Security technologies?

Because I have an "influential voice" in this Internet security industry, the SOHOware folks handed one of these newly minted "secure Cable/DSL routers" to me . . . and now, presumably, they would like me to say something meaningful about it. Hmmmmm. That's a problem. SOHOware is also sending them out for "review" to all of the other various magazines and influential Internet consultants. But what are those guys going to say? What CAN they say? It's a nice color of blue? It has a longer power cord than the Linksys and D-Link NAT routers? The retail packaging seems a bit bigger than it needs to be? Nice user's guide?

Knowing how it performs UNDER FIRE is what
we really want, but that's much more tricky.

You know me. If I have any choice I don't want to just regurgitate their specs and press propaganda. (Which is what I'm afraid everyone else will pretty much be forced to do.) For example, the SOHOware "Reviewer's Guide" states:

"While NAT Firewalls are a good protective gate that can thwart hackers' attempts before they reach your computers, they are no longer enough to keep your network safe. As with a lock on your door, intruders who are determined and know what they're doing can recognize a NAT and use methods to circumvent it."

That sounds bad if it's true. But unless a NAT router has weaknesses I don't know about, it doesn't make lots of sense. On the other hand, what happens if we flood the various routers with TONS of garbage? How much of their resources do they consume in dealing with malicious packets? And for that matter, what about the software firewalls running on our machines? How good are they when they are under attack? Isn't it about time we found out?

I can see how running an Internet server behind the router could expose the user to Denial of Service (DoS) vulnerability (since you have a machine accepting unsolicited anonymous connections), in which case having a DoS-resistant gateway would be really useful. But since all NAT clients should have a software firewall anyway, isn't that enough? Or is it? No one knows. Yet.

Is a software firewall as good as one in hardware? I think we ought to know. Can I make a Linksys or D-Link NAT router melt down and smoke, while SOHOware's router laughs in my face? Can I design an exploit to deliberately penetrate a non-stateful packet inspection NAT router which would be stopped cold by a packet inspector? It seems to me it's my job to find out . . . then tell the world something truly meaningful about such a comparison. That's when . . .

I realized that my "Bag of Tricks" was
missing an Internet Torture Test Device.

We need to be able to subject our computers, firewalls — both software and hardware — and other Internet devices to variable intensities of Denial of Service attacks, ping-of-death floods, storms of deliberately fragmented packets and anything else we can imagine in order to find out exactly how well they perform when they are actually under fire. Unless we do that, we're really just responding to slick marketing.

For this reason . . . The ASSIMILATOR was born.

The ASSIMILATOR

The ASSIMILATOR is a stand-alone, high-performance, application-specific, multi-protocol, dual NanoProbe/GENESIS TCP/IP stack equipped, Internet Protocol Torture Testing Device:

The ASSIMILATOR can generate any possible type of Internet attack
while simulating and monitoring the behavior of an innocent client.

Using a pair of independent, high-performance, 10/100-baseT NIC interfaces to simulate any network configuration, The ASSIMILATOR can easily simulate a much harsher network environment than any personal computer or WAN-connected device could ever experience in real life. Thanks to the custom NanoProbe TCP/IP protocol stacks, The ASSIMILATOR can "wrap around" a NAT router, simultaneously interconnecting to both its WAN and LAN interfaces, to simultaneously simulate the presence of remote Internet servers and local Internet clients. It can assault any device's TCP/IP stack with a fully-saturated 100-Megabit Ethernet stream of nightmare packet traffic . . . while monitoring the device's responses and performance.

The Internet is here to stay. It's time
to find out how well our toys work.

ASSIMILATOR Applications:

The ASSIMILATOR has been designed to answer any question we can ask. Here are some of the questions we will soon be asking:

What REALLY happens when any of the leading software firewalls are subjected to an intense attack? Do they collapse? And if so, how much can they take before dying? And exactly how do they die? Do they break down and let traffic through? Can traffic still get out? Do they take the PC down with them?

Do the software firewalls slow down our machines when they are passing heavy traffic? How much of the system's processing resources are consumed by normal, non-attack, traffic management?

How do the various hardware NAT routers compare? Are there truly any vulnerabilities from the outside world? Does a "secure" router like SOHOware's really buy us anything? And if so, exactly what? Can an attacker take advantage of a dynamic NAT-connection through the router? Does the presence of an externally accessible server open a hole for exploitation?

Do any of the hardware solutions leave any high-numbered ports non-stealthed or open? The ASSIMILATOR will be able to perform ultra-high speed parallel port scans to quickly check all 131,070 TCP and UDP ports for any previously undetected leaks.

And what about a full port-scan for any locally-connected computer? Even though the Winsock networking layer might not have a port open, the firewall ITSELF COULD have a hidden backdoor that couldn't be seen except from the outside!

What is the maximum network bandwidth possible for any of the various flavors of Microsoft Windows? Is any version of the operating environment faster or slower than any others? Let's find out. Is there any performance penalty associated with having multiple protocols? Let's find out.

The next release of Windows, codename Whistler, has a built-in user-configurable firewall. How does it measure up to the various commercial products?

The Windows NT 4.0 TCP/IP stack was completely redesigned for Windows 2000. Is it any better?

 . . . and so on.

ASSIMILATOR Specifications:


300 MHz, Pentium-class processor.
256 Kbyte system BIOS
128 Mbyte system RAM
256 Mbyte solid-state, non-volatile, disk
20 Gbyte, 2.5" rotating hard disk
Dual, Intel Ethernet NIC interfaces
Dual USB interfaces
VGA Display, 1024x768 @ 16bpp
PS/2 Keyboard
PS/2 or Serial Mouse
SPP/EPP/ECP Parallel Printer Port
Self-contained, lightweight, portable

As you can see, The ASSIMILATOR is a small yet extremely capable PC-compatible computer system. Its software architecture shares a common code base with GRC's ShieldsUP!! and NanoProbe server systems, enabling each of them to draw from the experience and technology of the other.

It is time for us to determine which Internet security
devices REALLY work . . . and which are just toys.


Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2014 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA.

Last Edit: Oct 06, 2003 at 14:32