Fighting poison with poison: an analysis of the advantages of network black holes in large data centers

Source: Internet
Author: User

Generation principle of the network black hole
Anyone with some knowledge of network technology has probably run into this: without a UPS (uninterruptible power supply), a sudden power interruption stops every device in the company's data center, routers included.

When the power supply resumes, the node router restarts, and the internal and external networks are not completely restored for a few minutes. During this period, data transmitted over the network may be lost because it cannot be sent and received normally.

How did this network fault occur?

In the first few minutes after the node router restarts, it first sends a connectivity notice to its next node. However, the power failure wiped its routing table, so at this point the node router does not have complete routing table information. After it has sent the connectivity notice, the transit packets passing through the node are simply discarded because no correct route can be found for them. This is the cause of the data loss.

Solution to the network black hole

So how can we solve this network fault?

The cause of the packet loss is that the node router does not have complete routing table information, so let's start there: go to the node's route management interface and set the OSPF value to the maximum, so that the router location of each node is confirmed quickly and a complete routing table is established in the shortest possible time.

Looking at the data loss process described above, you may think it resembles the natural "black hole" that everyone is familiar with. Indeed, this data loss phenomenon is the network "black hole": both phenomena produce the same result, things that are completely lost, and that is how the network "black hole" got its name.

In addition to the non-artificial network black holes described above, some network black holes are caused by malicious attacks. For example, the receiving node's router may fail to receive a packet because of a routing error in transmission, the receiving node's router may refuse to accept the packet so that the data is lost, or forged IP information may be sent to interrupt the network and cause packet loss.

However it is produced, the result is the same as a black hole in the universe absorbing cosmic dust and making it vanish forever: the data packets no longer exist. The consequence is obvious. When the receiver has not received the packets for a long time, it requests the data from the sender again, which wastes time and delays the work; and if the sender has accidentally deleted the original file without confirming that the packets were received, the result is immeasurable economic loss.

To deal with these man-made black holes, we only need to prevent them by setting information filtering policies on the router, or by embedding more advanced intelligent filtering functions that target the principles and patterns of the various man-made black holes.
  
  
In ancient times, years of flooding brought endless disaster to mankind. The leaders who came before all tried to block the flood by force, and they all failed.
Only when Dayu took on the responsibility of water control did things change: he used drainage to channel the flood across the land of Kyushu and made it disappear without a trace.

The packet loss caused by a network black hole is immeasurable. Turned around, however, the black hole's packet-dropping behavior can be put to good use.

Early Anti-traffic attack methods: intelligent interception

At the end of the last century, anyone who had worked in network technical support at an IDC for any length of time was probably left battered by the same type of attack: the traffic attack.

At first, we countered traffic attacks by disabling the functional modules of the core router that a traffic attack could exploit, or by adding modules with powerful analysis and filtering functions directly on the core router.

These methods did achieve some results at the beginning:

Disabling some of the core router's functions makes some traffic attacks ineffective. However, as hackers seeking to steal confidential data produced more and more traffic attacks based on TCP/IP technology, the larger security risks that came with this method became unacceptable to network managers.

Adding powerful analysis and filtering modules on the core router is a good method. However, it is bound to take up a large share of the core router's processing resources. Because it is processing a large amount of routing information at the same time, the core router can no longer perform its normal, basic fast route forwarding, and the result is network data congestion. When the Network Manager

This method of traffic interception also fails once the core router's efficiency has been greatly reduced.

Mature anti-traffic attack methods: Black Hole dredging

It did not take long. Clever network security engineers quickly came up with a solution: when planning the network architecture, leave the core router's functions unchanged and add only one cascade router (or several, in large data centers) to the firewall system, with network black holes configured on it. The routers at this position provide only simple, non-intelligent routing functions. Black hole technology is used to intelligently analyze the traffic entering the intranet, and illegal traffic is permanently discarded at this layer through the black hole (cascade routers in the main data center also divert illegal traffic to a level-1 router, to reduce the traffic pressure on any single router).
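Both kinds of black hole described on this page, the accidental one after a router restart and the deliberate one on a cascade router, come down to a forwarding lookup that ends in a silent drop. The following is an added example, not code from the original article; the router names, the `DISCARD` marker and the addresses (documentation ranges) are constructed, and modelling the black hole as a destination discard route is an assumption, since the article does not say how traffic is matched.

```python
import ipaddress

DISCARD = "blackhole"  # hypothetical marker for a discard (null) route


class Router:
    """Toy forwarding table with longest-prefix match (names are illustrative)."""

    def __init__(self):
        self.routes = {}   # ip_network -> next hop name, or DISCARD
        self.dropped = 0

    def add_route(self, prefix, next_hop):
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def forward(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.routes if addr in net]
        hop = self.routes[max(matches, key=lambda n: n.prefixlen)] if matches else None
        if hop is None or hop == DISCARD:
            # No route (table not rebuilt yet) or a deliberate discard route:
            # either way the packet vanishes with no error sent to the sender.
            self.dropped += 1
            return "dropped"
        return hop


def rebooted_router():
    """Accidental black hole: the table was lost in the power failure."""
    node = Router()
    before = node.forward("10.1.2.3")            # restarted, table still empty
    node.add_route("10.1.0.0/16", "next-node")   # table rebuilt
    return before, node.forward("10.1.2.3")


def cascade_router(packets):
    """Deliberate black hole on a cascade router placed ahead of the core."""
    edge = Router()
    edge.add_route("0.0.0.0/0", "core")          # plain routing for everything else
    edge.add_route("203.0.113.10/32", DISCARD)   # constructed address under attack
    to_core = [dst for dst in packets if edge.forward(dst) == "core"]
    return to_core, edge.dropped


if __name__ == "__main__":
    print(rebooted_router())
    # Constructed sample destinations.
    print(cascade_router(["203.0.113.10", "198.51.100.7", "203.0.113.10", "203.0.113.11"]))
```

A destination discard route drops every packet for that address, wanted or not, so the prefix should be kept as narrow as the attack allows.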

As time goes on, the capabilities of both sides keep growing. The attackers' traffic attack methods multiply and their traffic volume increases. The defending network managers, in addition to rapidly improving their diversion policies, benefit from the increasing processing capability of network products: with the processing performance of core routers greatly improved, more intelligent, rule-based illegal-traffic filtering modules can be added, while targeted secondary analysis and filtering is carried out at the black hole in the firewall. Combining the two blocking methods gives a better defense against traffic attacks.

Hacker attack and defense contains an old rule that suits both sides: fight poison with poison! The application of black hole technology comes from exactly this.

Years later, the black hole is still an essential part of network deployment. By now, everyone has realized that the application of black hole technology in the network plays an important role in defending against traffic attacks.
  
