Switch Anti-attack introduction

Latest reply: Dec 27, 2018 07:46:44

Problem Background: At present there are many hidden dangers in the network that may cause the control plane to be overloaded. For example, the network may contain many viruses or hacking tools waiting to attack network devices, and a successful attack causes a network outage. Among these, ARP and ICMP attacks are common. The principle of such tools or viruses is to monopolize the resources of the attack target or to spoof its address, so that the target's services crash. If the switch responds to ICMP and ARP packets without restriction, its CPU usage becomes high while it is under such an attack. In that case the control plane signaling protocols may be interrupted, and even users' normal ARP requests are no longer answered, so the virus attack leads to service disruption.

Problem Description: CPCAR (Control Plane Committed Access Rate) is one of the main security functions of the switch. It classifies the packets sent to the control plane by service and then applies rate limiting and queue scheduling to each class, so as to protect the control plane.

The figure below is a schematic diagram of the current local anti-attack framework: the device is protected by hardware on the forwarding plane and by software on the control plane.

[Figure: schematic diagram of the local anti-attack framework]


As can be seen from the figure, local anti-attack mainly has three levels of protection:

The first level: ACLs and other means identify the traffic that needs to be sent to the control plane and rate-limit or discard it; this level is implemented in ASIC hardware. The methods mainly include CPCAR, blacklist, automatic penalty ACL, and traffic suppression.

The second level: the various types of protocol packets are scheduled and shaped by means of queues; this level is also implemented in ASIC hardware. The methods mainly include protocol queue adjustment, CPU port rate limiting, and CPU queue rate limiting (box type).

The third level: this level is in the control plane, where the RISC processor performs software processing. The software rate limiting and anti-spoofing functions for the various protocol packets, and the attack source identification function of auto-defend, sit at this level. The methods include protocol-specific security features, ARP anti-spoofing, auto-defend attack source identification, and software rate limiting.
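As an added illustration (not Huawei's code and not any real device's CPCAR implementation), the following simulation models the first two levels described above: a per-protocol token bucket stands in for CPCAR, and packets that pass it are placed in per-protocol CPU queues, so an ARP flood is throttled while OSPF hellos still reach the control plane. The protocol names, rates and sample traffic are assumed values.

```python
"""Per-protocol CPCAR simulation (added example, not Huawei's implementation).

Models the first two protection levels above: each protocol type punted to
the control plane gets its own token-bucket rate limit (CPCAR), and packets
that pass go into a per-protocol CPU queue, so an ARP flood cannot starve OSPF.
"""
from collections import defaultdict, deque
from fractions import Fraction

# Assumed per-protocol committed rates in packets/s (burst = one second's
# worth). Illustrative values only, not any real device's defaults.
CPCAR_RATES = {"arp": 64, "icmp": 32, "ospf": 256}

class TokenBucket:
    # Token bucket refilled at `rate` tokens/s up to `burst`, exact arithmetic.
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = Fraction(burst)
        self.last_ms = 0

    def allow(self, now_ms):
        refill = Fraction(self.rate * (now_ms - self.last_ms), 1000)
        self.tokens = min(Fraction(self.burst), self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

def apply_cpcar(packets, rates=CPCAR_RATES):
    """packets: iterable of (time_ms, protocol) sorted by time. Returns
    ({protocol: deque of admitted times}, {protocol: dropped count})."""
    buckets = {p: TokenBucket(r, burst=r) for p, r in rates.items()}
    queues, drops = defaultdict(deque), defaultdict(int)
    for ts, proto in packets:
        bucket = buckets.get(proto)
        # Assumption: a protocol with no CPCAR entry is not punted at all.
        if bucket is not None and bucket.allow(ts):
            queues[proto].append(ts)
        else:
            drops[proto] += 1
    return queues, drops

def constructed_traffic():
    # Constructed sample: 1000 ARP packets in 1 s (flood) + 10 OSPF hellos.
    flood = [(i, "arp") for i in range(1000)]
    hellos = [(i * 100, "ospf") for i in range(10)]
    return sorted(flood + hellos)
```

With these assumed rates the ARP flood is cut to 127 admitted packets (the 64-packet burst plus one second of refill) while all 10 OSPF hellos are admitted.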



Torrent
Created Nov 26, 2018 08:51:47 Helpful(0)

thanks for sharing such a good example, learned!

yjhd
Created Nov 26, 2018 08:51:50 Helpful(0)

thanks

GongXiaochuan
Created Nov 26, 2018 09:06:04 Helpful(0)

If an attacker forges the gateway address to send ARP packets with the source IP address being the IP address of the gateway on the LAN, ARP entries on hosts in the LAN record the incorrect gateway address. As a result, all traffic from user hosts to the gateway is sent to the attacker and the attacker intercepts user information. Communication between users is interrupted. To defend against bogus gateways, you can enable the ARP gateway anti-collision on gateways.
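To show what the ARP gateway anti-collision check in the reply above has to look at, here is an added example (not Huawei's implementation): the gateway parses incoming Ethernet/ARP frames and flags any frame whose sender IP is one of the gateway's own addresses while the sender MAC is not the gateway's, which is exactly the bogus-gateway case. The gateway MAC, gateway IP and sample frames are constructed values.

```python
"""ARP gateway anti-collision check (added example, not Huawei's implementation).

A gateway that receives an ARP packet whose sender IP is one of its own
interface addresses but whose sender MAC is not its own is seeing the
bogus-gateway attempt described above; such frames are reported for drop/log.
"""
import struct

ETH_TYPE_ARP = 0x0806

def parse_arp(frame):
    """Return (sender_mac, sender_ip, opcode) for an Ethernet/ARP/IPv4 frame,
    or None for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_TYPE_ARP:
        return None
    hw, proto, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (hw, proto, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa = frame[22:28], frame[28:32]
    return sha.hex(":"), ".".join(str(b) for b in spa), op

def gateway_collisions(frames, gateway_ips, gateway_mac):
    """List (sender_mac, sender_ip, opcode) for frames that claim a gateway IP
    with a MAC other than the gateway's own."""
    hits = []
    for frame in frames:
        arp = parse_arp(frame)
        if arp and arp[1] in gateway_ips and arp[0] != gateway_mac.lower():
            hits.append(arp)
    return hits

def constructed_arp(sender_mac, sender_ip, target_ip, op=2):
    """Build a broadcast Ethernet/ARP frame; used only as constructed test input."""
    mac = bytes.fromhex(sender_mac.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    eth = b"\xff" * 6 + mac + struct.pack("!H", ETH_TYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac + ip(sender_ip)
           + b"\x00" * 6 + ip(target_ip))
    return eth + arp + b"\x00" * 18  # pad to the 60-byte Ethernet minimum

GATEWAY_MAC = "00:11:22:33:44:55"  # assumed gateway MAC (constructed)
GATEWAY_IPS = {"192.168.1.1"}      # assumed gateway interface IP (constructed)
SAMPLE_FRAMES = [                  # constructed sample traffic
    constructed_arp(GATEWAY_MAC, "192.168.1.1", "192.168.1.20"),          # genuine
    constructed_arp("aa:bb:cc:dd:ee:ff", "192.168.1.1", "192.168.1.20"),  # bogus
    constructed_arp("aa:bb:cc:dd:ee:02", "192.168.1.30", "192.168.1.1", op=1),
    b"\x00" * 60,                                                     # non-ARP
]
```

Only the second sample frame is reported; a real gateway would additionally discard further ARP from that MAC and re-announce its own binding to correct the hosts' ARP entries.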

Mysterious.color
MVE Created Nov 26, 2018 09:46:23 Helpful(0)

thanks it's very good

littlestone
Created Nov 26, 2018 12:41:56 Helpful(0)

CAR often has HTTP, ARP, ICMP and other speed limits.
In order to protect the security of the control plane, it refines the traffic of the data packets sent to the control plane, and restricts the speed of the data packets sent to the control plane and schedules the queue.

faysalji
Created Nov 28, 2018 09:15:12 Helpful(0)

very good case

faysalji
Created Nov 28, 2018 09:15:37 Helpful(0)

well described

faysalji
Created Nov 28, 2018 09:15:46 Helpful(0)

thanks..

xiaomumu
Created Dec 24, 2018 01:44:38 Helpful(0)

This post was last edited by xiaomumu at 2018-12-27 02:46. Switch anti-attack is very detailed
