5.4 Flood attack threshold mechanism and voice alarm

Source: Internet
Author: User

SYN Flood and the new version of ARP attacks are the most common flood attacks recently. SYN Flood is a form of denial of service (DoS) and distributed denial of service (DDoS) attack. It exploits defects in the TCP protocol by sending a large number of forged TCP connection requests, so that the attacked party exhausts its resources: the CPU is saturated or memory runs out. ARP attacks are based on features of the ARP protocol. The attacker continuously sends fraudulent ARP packets to the attacked computer. The packets contain the same MAC address as the current device, so that when the other party responds to them, a simple duplicate-address error causes network communication to fail.
Qno has introduced some features in its vro products that let users flexibly configure them against these new forms of attack. The following describes the newly introduced functions for the different attacks.
Enhanced flood attack defense: Flood attacks are a type of DoS attack. They consume CPU and memory resources by sending a large number of half-open connection requests that exploit network protocol defects. The attacked router is kept busy processing the attacker's forged TCP connection requests and ignores customers' normal requests, or eventually suffers a TCP/IP stack overflow and crashes.
In response to this attack, the firewall function in the Qno na router software adds a threshold mechanism for flood attacks: users can set a threshold on the number of network packets sent per second, either for the WAN and LAN as a whole or for a single IP address. If the threshold is exceeded, that IP address, or Internet access for the entire network, is blocked. The critical value in this setting is the threshold set for a single IP address. According to the technical support experience of Sino, setting the threshold to 2000 packets per second should effectively resist attacks. Note that a threshold set too low may affect QQ video or similar applications, so it cannot be set too low.

Figure 4: To defend against flood attacks, you must control the IP addresses that issue a large number of network packets. In addition to the TCP protocol, UDP and ICMP network protocol attacks are also common.
In addition, previous attacks often used the TCP protocol. Recently, we have found that UDP and ICMP attacks are gradually increasing, so this function was added to the product.
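The per-IP threshold described above can be sketched as a one-second packet counter with temporary blocking. This is an added example, not Qno's firmware code; the class and function names, the 60-second block duration and the sample traffic are assumptions, and only the 2000 packets-per-second figure comes from the article.

```python
from collections import defaultdict

class FloodGuard:
    """Per-source packets-per-second threshold with temporary blocking."""

    def __init__(self, per_ip_threshold=2000, block_seconds=60):
        self.per_ip_threshold = per_ip_threshold  # 2000 pps is the article's figure
        self.block_seconds = block_seconds        # assumed value, not from the article
        self.window = None                        # one-second window being counted
        self.counts = defaultdict(int)            # src_ip -> packets in this window
        self.blocked_until = {}                   # src_ip -> time the block ends
        self.alerts = []                          # (second, src_ip, proto) log entries

    def allow(self, ts, src_ip, proto):
        """Return True to forward the packet, False to drop it."""
        second = int(ts)
        if second != self.window:                 # new second: restart the counters
            self.window = second
            self.counts.clear()
        if self.blocked_until.get(src_ip, 0) > ts:
            return False                          # source is still blocked
        self.counts[src_ip] += 1                  # TCP, UDP and ICMP all count
        if self.counts[src_ip] > self.per_ip_threshold:
            self.blocked_until[src_ip] = ts + self.block_seconds
            self.alerts.append((second, src_ip, proto))
            return False
        return True

def simulate(per_ip_threshold=2000):
    """Replay constructed traffic; return (forwarded per IP, alerts)."""
    guard = FloodGuard(per_ip_threshold)
    # Constructed sample: .50 floods 5000 UDP packets in one second,
    # .20 is a 300 pps video-call client; .50 then retries at t=30 and t=80.
    packets = [(10 + i / 5000, "192.168.1.50", "udp") for i in range(5000)]
    packets += [(10 + i / 300, "192.168.1.20", "tcp") for i in range(300)]
    packets.sort()
    packets += [(30.0, "192.168.1.50", "icmp"), (80.0, "192.168.1.50", "tcp")]
    forwarded = defaultdict(int)
    for ts, ip, proto in packets:
        if guard.allow(ts, ip, proto):
            forwarded[ip] += 1
    return dict(forwarded), guard.alerts

if __name__ == "__main__":
    print(simulate())        # threshold from the article
    print(simulate(200))     # threshold set too low: the video client is blocked too
```

With the threshold at 200, the constructed 300 pps client trips the limit as well, which is the side effect on video applications that the text mentions.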

Enhanced protection against MAC/IP spoofing ARP attacks: ARP attacks use broadcast packets to affect network operations. In the past, Sino has promoted two-way binding, that is, ARP binding must be performed on both the clients and the router to prevent interference. However, the new version of ARP variant attack software automatically changes its IP address and MAC address and constantly sends network packets to the router, so that the router is kept busy processing useless data packets and normal operation suffers.
The new version of the software adds an automatic identification function: packets sent from abnormal MAC or IP addresses can be ignored and not forwarded, which reduces the impact of attacks. When configuring ARP on the vro, the learning function can be used to confirm the proper IP address and MAC address. The vro can then reject other network packets to reduce the impact of ARP attacks. Once this mechanism is in effect, only the computers that launch the attack will be affected and slowed, while other users will not be affected.
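The learn, confirm and reject sequence described above can be sketched as follows. This is an added example, not Qno's implementation; the class, method and reason names and the sample addresses are assumptions. It also covers the case where an IP address was seen with two MAC addresses during learning, which is left for the administrator to resolve instead of being bound automatically.

```python
from collections import defaultdict

class ArpBindingTable:
    """Learn IP/MAC pairs, confirm them, then drop packets from any other pair."""

    def __init__(self):
        self.candidates = defaultdict(set)  # ip -> MACs observed while learning
        self.bindings = {}                  # confirmed ip -> mac
        self.log = []                       # (ip, mac, reason) for dropped packets

    def learn(self, ip, mac):
        self.candidates[ip].add(mac.lower())

    def confirm(self):
        """Bind IPs seen with exactly one MAC; return conflicting IPs for review."""
        conflicts = {}
        for ip, macs in self.candidates.items():
            if len(macs) == 1:
                self.bindings[ip] = next(iter(macs))
            else:
                conflicts[ip] = sorted(macs)
        return conflicts

    def accept(self, ip, mac):
        """Return True to forward; otherwise log why the packet was ignored."""
        mac = mac.lower()
        bound = self.bindings.get(ip)
        if bound == mac:
            return True
        if bound is not None:
            reason = "ip-bound-to-other-mac"      # sender claims someone else's IP
        elif mac in self.bindings.values():
            reason = "known-mac-claims-new-ip"    # bound host changed its IP
        else:
            reason = "unknown-ip-and-mac"         # pair never confirmed
        self.log.append((ip, mac, reason))
        return False

def demo():
    """Run constructed observations; return (conflicts, verdicts, drop reasons)."""
    table = ArpBindingTable()
    for ip, mac in [("192.168.1.1", "02:00:00:00:00:01"),
                    ("192.168.1.20", "02:00:00:00:00:20"),
                    ("192.168.1.50", "02:00:00:00:00:50"),
                    ("192.168.1.30", "02:00:00:00:00:30"),
                    ("192.168.1.30", "02:00:00:00:00:AA")]:
        table.learn(ip, mac)
    conflicts = table.confirm()
    checks = [("192.168.1.20", "02:00:00:00:00:20"), ("192.168.1.1", "02:00:00:00:00:50"),
              ("192.168.1.77", "02:00:00:00:00:50"), ("192.168.1.88", "02:00:00:00:00:99")]
    verdicts = [table.accept(ip, mac) for ip, mac in checks]
    return conflicts, verdicts, [reason for _, _, reason in table.log]
```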
Voice Alarm function: The new version of Qno xiaonuo vro has a built-in voice function. In combination with the above features, it can immediately block new types of attacks and announce the attack by voice. The network administrator then knows the attack situation in real time and can identify the source of the problem through the log function, isolate it, and effectively contain the damage. Xiaonuo stressed that both protection against attacks and real-time notification must be done well in order to truly help users improve network security.