Switch Anti-attack introduction

Created Nov 26, 2018 16:49:46   Latest reply Dec 27, 2018 15:46:44

Problem Background: At present, there are many hidden dangers in the network that may cause the control plane to be overloaded. For example, there are a lot of viruses or hacking tools in the network. These viruses or tools are waiting to attack network devices, which will cause network accidents. Among them, ARP and ICMP attacks are common. The principle of these tools or viruses is to monopolize the resources of the attack target or to spoof addresses, which causes the attack target's services to crash. If the switch responds to ICMP and ARP packets without restriction, the CPU usage will be high when a virus attacks. In this case, control plane signaling protocols may be interrupted, and even users' normal ARP requests will not be responded to. Being attacked by a virus causes service disruption.

Problem Description: CPCAR is one of the main security functions of the switch. It performs service refinement on the packets sent to the control plane, and applies rate limiting and queue scheduling to them respectively, to protect the security of the control plane.

The figure below is a schematic diagram of the current local anti-attack framework. The device is protected by hardware or software on the forwarding plane and the control plane respectively.

[Figure: schematic diagram of the current local anti-attack framework]


As can be seen from the figure, the local anti-attack mainly has three levels of protection:


The first level: ACLs and other means identify the traffic that needs to be sent to the control plane and rate-limit or discard it; this is implemented by ASIC hardware. The methods mainly include: CPCAR, blacklist, automatic penalty ACL, and traffic suppression.

The second level: the various types of protocol packets are scheduled and shaped by means of queues; this is implemented by ASIC hardware. The methods mainly include: protocol queue adjustment, CPU port rate limit, and CPU queue rate limit (box type).

The third level: this level is in the control plane, where the RISC CPU performs software processing; for example, the software rate-limiting and anti-spoofing functions for the various protocol messages, and the attack source identification function in auto-defend, are at this level. The methods include: security of the various protocols, ARP anti-spoofing, auto-defend attack source identification, and rate limiting.

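The three levels above can be modelled in a few dozen lines to see how they fit together: per-protocol policing of packets destined for the CPU (level 1), strict-priority scheduling of the protocol queues so a flood of one protocol cannot starve another (level 2), and per-source accounting of the policed-out packets to identify an attack source (level 3). The following is an added example written for this thread, not Huawei's code or configuration; the CPCAR rates, the token-bucket policer, the queue priorities, the auto-defend threshold and the packet trace are all assumptions constructed to illustrate the mechanism.

```python
"""Toy model of the three-level local anti-attack framework from the post.

Added example, not Huawei's code: the CPCAR profile, the token-bucket
policer, the strict-priority scheduler and the auto-defend threshold are
assumptions chosen to illustrate the mechanism, and the packet trace is
constructed inline.
"""
from collections import Counter, deque

# Level 1 assumption: one CPCAR policer per protocol sent to the CPU
# (rate in packets per second, burst = bucket depth in packets).
CPCAR_PROFILE = {
    "arp":  {"rate": 50,  "burst": 20},
    "icmp": {"rate": 100, "burst": 50},
    "ospf": {"rate": 200, "burst": 100},
}
# Level 2 assumption: protocol queue priority (higher is scheduled first),
# so routing protocol packets are not starved by an ARP or ICMP flood.
QUEUE_PRIORITY = {"ospf": 7, "arp": 3, "icmp": 1}


class TokenBucket:
    """Single-rate policer: a packet passes only if a whole token is available."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        # Refill proportionally to elapsed time, capped at the burst depth.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class ControlPlaneGuard:
    def __init__(self, profile=CPCAR_PROFILE, priority=QUEUE_PRIORITY):
        self.policers = {p: TokenBucket(**c) for p, c in profile.items()}
        self.queues = {p: deque() for p in profile}
        self.priority = priority
        self.passed = Counter()
        self.dropped = Counter()
        self.dropped_by_src = Counter()   # level 3: per-source drop accounting

    def ingress(self, pkt, now):
        """Level 1: classify the packet, then police it before it reaches a queue."""
        proto = pkt["proto"]
        if proto not in self.policers:
            self.dropped["unknown"] += 1
            return False
        if self.policers[proto].allow(now):
            self.queues[proto].append(pkt)
            self.passed[proto] += 1
            return True
        self.dropped[proto] += 1
        self.dropped_by_src[pkt["src"]] += 1
        return False

    def schedule(self, budget):
        """Level 2: strict-priority service of the protocol queues, 'budget' packets per round."""
        out = []
        for proto in sorted(self.queues, key=lambda p: -self.priority[p]):
            while self.queues[proto] and len(out) < budget:
                out.append(self.queues[proto].popleft())
        return out

    def attack_sources(self, threshold):
        """Level 3: report sources whose policed-out packet count exceeds the threshold."""
        return sorted(s for s, n in self.dropped_by_src.items() if n > threshold)


def constructed_trace():
    """Constructed trace: an ARP flood from one station plus a few OSPF hellos."""
    trace = [{"proto": "arp", "src": "02:00:00:00:00:99", "t": i * 0.0001}
             for i in range(1000)]              # 1000 ARP packets within 0.1 s
    trace += [{"proto": "ospf", "src": "02:00:00:00:00:01", "t": 0.02 * i}
              for i in range(5)]                 # 5 hellos over the same 0.1 s
    return sorted(trace, key=lambda p: p["t"])


def run(trace=None, budget=10, threshold=100):
    """Feed the trace through the guard and summarise what reached the CPU."""
    guard = ControlPlaneGuard()
    for pkt in trace or constructed_trace():
        guard.ingress(pkt, pkt["t"])
    return {
        "passed": dict(guard.passed),
        "dropped": dict(guard.dropped),
        "scheduled": [p["proto"] for p in guard.schedule(budget)],
        "attack_sources": guard.attack_sources(threshold),
    }


if __name__ == "__main__":
    print(run())
```

With the constructed trace, the ARP policer lets through only its 20-packet burst plus a handful of refilled tokens and drops the rest, all five OSPF hellos pass and are scheduled ahead of the surviving ARP packets, and the flooding station shows up as the only attack source; the CPU is never asked to look at the dropped packets, which is the point of doing levels 1 and 2 in hardware.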

Torrent   Created Nov 26, 2018 16:51:47

thanks for sharing such a good example, learned!

yjhd   Created Nov 26, 2018 16:51:50

Thanks.

GongXiaochuan  Adept   Created Nov 26, 2018 17:06:04

If an attacker forges the gateway address to send ARP packets with the source IP address being the IP address of the gateway on the LAN, ARP entries on hosts in the LAN record the incorrect gateway address. As a result, all traffic from user hosts to the gateway is sent to the attacker and the attacker intercepts user information. Communication between users is interrupted. To defend against bogus gateways, you can enable the ARP gateway anti-collision function on gateways.

Good Good Study Day Day Up
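The check a gateway performs for ARP gateway anti-collision is simple to state: any ARP packet whose sender IP is the gateway's own IP but whose sender MAC is not the gateway's MAC is a bogus-gateway attempt and should be logged and discarded rather than allowed to poison hosts' ARP tables. The following is an added example illustrating that check over raw Ethernet/ARP frames; it is not Huawei's implementation, and the gateway address, the MACs and the three frames are constructed test vectors (documentation prefix 192.0.2.0/24, locally administered MACs).

```python
"""ARP gateway anti-collision check, as a gateway applies it to received ARP.

Added example, not Huawei's implementation: the frame parser and the check
are written from the description in the reply above, and the three Ethernet
frames are constructed test vectors using documentation addresses.
"""
import struct
from dataclasses import dataclass

ETHERTYPE_ARP = 0x0806


@dataclass
class ArpPacket:
    eth_src: str
    op: int           # 1 = request, 2 = reply
    sender_mac: str
    sender_ip: str
    target_ip: str


def _mac(b):
    return ":".join(f"{x:02x}" for x in b)


def _ip(b):
    return ".".join(str(x) for x in b)


def parse_arp(frame):
    """Parse an Ethernet II frame carrying ARP; return None for non-ARP or malformed frames."""
    if len(frame) < 42:
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return ArpPacket(_mac(src), op, _mac(sha), _ip(spa), _ip(tpa))


def gateway_collision(arp, gateway_ip, gateway_mac):
    """Return an alert string if the packet claims the gateway's IP with a foreign MAC, else None.

    The gateway knows its own MAC, so an ARP whose sender IP is the gateway IP
    but whose sender MAC (or Ethernet source) differs is a bogus-gateway attempt.
    """
    if arp is None or arp.sender_ip != gateway_ip:
        return None
    if arp.sender_mac != gateway_mac or arp.eth_src != gateway_mac:
        return f"gateway IP {gateway_ip} claimed by {arp.sender_mac} (op={arp.op})"
    return None


# Constructed test vectors (hex). 192.0.2.0/24 is a documentation prefix; the
# MACs are locally administered, made-up addresses.
GATEWAY_IP, GATEWAY_MAC = "192.0.2.1", "02:00:00:00:00:01"
ARP_HDR = "0001" "0800" "06" "04"      # hardware Ethernet, protocol IPv4, hlen 6, plen 4
FRAMES = {
    # legitimate reply from the real gateway to host 192.0.2.16
    "legit_reply": bytes.fromhex(
        "020000000010" "020000000001" "0806" + ARP_HDR + "0002"
        "020000000001" "c0000201" "020000000010" "c0000210"),
    # rogue station announcing the gateway IP with its own MAC
    "bogus_gateway": bytes.fromhex(
        "ffffffffffff" "020000000099" "0806" + ARP_HDR + "0002"
        "020000000099" "c0000201" "ffffffffffff" "c0000201"),
    # ordinary host request for the gateway's MAC (must not alert)
    "host_request": bytes.fromhex(
        "ffffffffffff" "020000000010" "0806" + ARP_HDR + "0001"
        "020000000010" "c0000210" "000000000000" "c0000201"),
}


def scan(frames=FRAMES, gateway_ip=GATEWAY_IP, gateway_mac=GATEWAY_MAC):
    """Run the anti-collision check over each frame; map frame name -> alert or None."""
    return {name: gateway_collision(parse_arp(f), gateway_ip, gateway_mac)
            for name, f in frames.items()}


if __name__ == "__main__":
    for name, alert in scan().items():
        print(f"{name:14s} {alert or 'ok'}")
```

Only the frame that pairs the gateway's IP with a foreign MAC produces an alert; the gateway's own reply and a host's ordinary request for the gateway pass. Checking the Ethernet source as well as the ARP sender field catches frames where the two disagree, which a legitimate gateway never emits.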
Mysterious.color  Novice   Created Nov 26, 2018 17:46:23

Thanks, it's very good.

find what you love and let it kill you.
littlestone   Created Nov 26, 2018 20:41:56

CAR often has HTTP, ARP, ICMP and other rate limits.
In order to protect the security of the control plane, it refines the traffic of the packets sent to the control plane, restricts the rate of the packets sent to the control plane, and schedules the queues.

faysalji  Novice   Created Nov 28, 2018 17:15:12

Very good case.

If you think my post/reply is useful, please click the Helpful button and flag my post as a BEST ANSWER. Thanks
faysalji  Novice   Created Nov 28, 2018 17:15:37

Well described.

faysalji  Novice   Created Nov 28, 2018 17:15:46

Thanks.

xiaomumu  Novice   Created Dec 24, 2018 09:44:38

This post was last edited by xiaomumu at 2018-12-27 10:46. Switch anti-attack is very detailed.