Pay attention to DoS router attacks for network security

At present, Dos has evolved from the original "prank" into a malicious behavior of targeted and selective attacks on the router. It is like a dangerous dark stream coming to us.

Using Dos to attack a vro will seriously affect the entire internet. Because the routing protocol will be directly attacked, which will cause serious server availability problems in a wide range. There are several reasons why vro attacks attract hackers.

Unlike computer systems, routers are usually inside the enterprise's infrastructure. Compared with computers, they are relatively weak protected by monitors and security policies, thus providing illegitimate hiding places for those who are not doing anything. Many routers are improperly configured. The default password provided by the manufacturer is the primary cause of network security and destruction. Once compromised, A vro can be used as a platform to scan and cheat connections, and as a stepping stone for launching dos attacks.

"A router is a portal to a company," said lauli vikos, a senior analyst at Cahners in-stat. It has been a hacker's target for some time, and hackers now seem to be more familiar with this situation. They often find that the locked target's front door is locked, and then they will look for whether the patio door is open ."

Vikos insisted that vro attacks would have devastating consequences on the network. Because routers are often integrated with vpn services or firewalls, they are more attractive to hackers. Once the router is in danger, the entire network becomes very dangerous.

Another problem is the shortening of time-to-exploit mentioned by the Computer Emergency Response Team (cert) Coordination Center at Carnegie Mellon University. That is, once a system or device vulnerability is discovered, it is too late to install a security patch in a short time.

So how can we take appropriate countermeasures to defend against dos? Traditional security solutions can only be used to combat dos attacks. Because firewalls and intrusion detection systems (ids) aim to detect attacks against individual network servers or hosts, rather than network infrastructure.

To solve this problem, several companies have come up with a dedicated defense against dos attacks. Arbor networks has become a pioneer in this field by virtue of its product peakflow dos. Peakflow deploys a data collection program to analyze the communication traffic (before arriving at the enterprise router or firewall) and search for anomalies. This type of information will be forwarded to the control program, and then the attack will be traced for review. At the same time, the control program sends filtering suggestions to network administrators for corresponding deployment to avoid attacks. The initial price for the enterprise solution they offer is $0.13 million, and arbor also plans to provide this service for smaller networks on a monthly basis.

Tripwire for routers uses a moderate price scheme to monitor the startup and configuration files of the cisco router. It notifies you of any changes to the security status of the device. Currently, only solaris 7 or 8 workstations are available. Windows 2000 is coming soon. The price varies with the number of vrouters. An evaluation software is available for download.

Generally speaking, having some basic knowledge is the first and probably the best defense method. This ensures that you keep an eye on every connection of the external access router and change the default security configuration, especially passwords.

These new trends of Dos attacks indicate that service availability is at risk, and both the network and the entire Internet may be more difficult to prevent. In addition to the impact on your network, the lack of security review on routers and infrastructure will also make you unintentionally an accomplice to dos attacks. Pay close attention to developments and shoulder the responsibility of protecting network security in all aspects so that you can avoid disasters.