Network attacks continue to run rampant: router protection must be upgraded

Source: Internet
Author: User


[Bkjia.com exclusive report] The previous article described the features of new-form attacks and the functions available on existing routers, giving users a basic understanding of network attack prevention measures. After publication, that article was well received by many users, and some loyal users have asked for further assistance. In this article, we introduce the new FVR360v duwan and FVR420v four-WAN routers, which add defense functions, and how to configure them.
The following describes some features of the FVR360v/FVR420v routers recently developed and released by Qno, so that users have more flexibility to cope with new forms of attack and can configure the routers accordingly. The following functions have been introduced on the FVR300, FVR360, FVR360v, FVR420, and FVR420v. Depending on the attack, the corresponding newly introduced function is required.

New defense functions of the FVR360v/FVR420v routers
1. Enhanced flood attack defense: flood attacks are DoS attacks. They exploit network protocol weaknesses by sending a large number of half-open connection requests, which consume CPU and memory resources. The attacked router becomes busy processing the attacker's forged TCP connection requests and ignores normal customer requests, or eventually suffers a TCP/IP stack overflow and crashes.
In response to this attack, the firewall function in the FVR360v/FVR420v software adds a threshold mechanism for flood attacks: users can set thresholds on the number of packets sent per second across the WAN and LAN as a whole or by a single IP address, and if a threshold is exceeded, Internet access for that IP address or for the entire network is blocked. The key point in this setting is the threshold for a single IP address. Based on the practical experience of Qno technical engineers, setting the threshold to 2000 packets per second effectively resists attacks. Note that a threshold set too low may affect QQ video or similar applications, so it should not be set too low.
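The per-IP threshold described above, modelled as an added example (not Qno firmware code and not part of the original article): a one-second sliding window per source address using the article's 2000 packets-per-second limit. The class name, the 60-second block duration and the sample traffic rates are assumptions.

```python
from collections import defaultdict, deque

PER_IP_PPS = 2000   # per-source threshold quoted in the article
WINDOW = 1.0        # length of the counting window in seconds

class FloodGuard:
    """Per-source packets-per-second limiter (hypothetical model)."""

    def __init__(self, per_ip_pps=PER_IP_PPS, block_seconds=60.0):
        self.per_ip_pps = per_ip_pps
        self.block_seconds = block_seconds   # assumed block duration
        self.recent = defaultdict(deque)     # src_ip -> timestamps inside the window
        self.blocked_until = {}              # src_ip -> time at which the block expires

    def allow(self, src_ip, ts):
        """Return True if the packet seen at time ts should be forwarded."""
        if self.blocked_until.get(src_ip, 0.0) > ts:
            return False
        q = self.recent[src_ip]
        q.append(ts)
        while ts - q[0] >= WINDOW:           # expire timestamps older than one second
            q.popleft()
        if len(q) > self.per_ip_pps:         # threshold exceeded: block this source
            self.blocked_until[src_ip] = ts + self.block_seconds
            q.clear()
            return False
        return True

def simulate(packets, guard=None):
    """packets: (timestamp, src_ip, proto) tuples -> {src_ip: (forwarded, dropped)}."""
    guard = guard or FloodGuard()
    stats = defaultdict(lambda: [0, 0])
    for ts, src, _proto in sorted(packets):  # protocol is ignored: TCP, UDP and ICMP all count
        stats[src][0 if guard.allow(src, ts) else 1] += 1
    return {ip: tuple(counts) for ip, counts in stats.items()}

def sample_traffic():
    # Constructed one-second sample: a flooding host at 5000 pps, a video
    # client at 800 pps and a browsing client at 50 pps.
    pkts = [(i / 5000, "192.168.1.66", "udp") for i in range(5000)]
    pkts += [(i / 800, "192.168.1.20", "udp") for i in range(800)]
    pkts += [(i / 50, "192.168.1.10", "tcp") for i in range(50)]
    return pkts

if __name__ == "__main__":
    print(simulate(sample_traffic()))
    print(simulate(sample_traffic(), FloodGuard(per_ip_pps=500)))
```

The second call lowers the threshold to 500 packets per second, which starts dropping the constructed video client's traffic as well, the side effect the article warns about.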

Figure 1: To defend against flood attacks, you must control the IP addresses that send a large number of network packets. In addition to the TCP protocol, UDP and ICMP network protocol attacks are also common.

In addition, earlier attacks mostly used the TCP protocol. Recently we have found that UDP and ICMP attacks are gradually increasing, so we added this feature to the new FVR360v and FVR420v products.

2. Enhanced protection against MAC/IP spoofing ARP attacks
ARP attacks use broadcast packets to disrupt network operation. Qno has previously promoted a two-way binding solution, in which ARP binding must be performed on both the client and the router to prevent interference. However, new variants of ARP attack software automatically change their IP address and MAC address and constantly send network packets to the router, so that the router is kept busy processing useless packets and normal operation suffers.
The new FVR360v/FVR420v software adds an automatic identification function that ignores packets sent from abnormal MAC or IP addresses and does not forward them, which reduces the impact of attacks. When configuring ARP on the router, you can use the learning function to confirm the proper IP and MAC addresses; the router can then reject other network packets to reduce the impact of ARP attacks. Once this mechanism is in use, only the computers that launch the attack are affected, becoming busy and slow because of the attack, while other users are not affected.
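The learn-then-enforce binding described above, modelled as an added example (not Qno firmware code and not part of the original article). The class and function names, the verdict strings and all addresses are assumptions constructed for illustration.

```python
def norm_mac(mac):
    """Return the MAC in lower-case colon form; raise ValueError if malformed."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

class BindingTable:
    """IP/MAC binding table with a learning phase (hypothetical model)."""

    def __init__(self):
        self.ip_to_mac = {}
        self.conflicts = []   # pairs seen while learning that contradict an earlier pair
        self.locked = False

    def learn(self, ip, mac):
        if self.locked:
            raise RuntimeError("table is locked; learning is over")
        mac = norm_mac(mac)
        known = self.ip_to_mac.setdefault(ip, mac)
        if known != mac:      # keep the first binding, flag the rest for the administrator
            self.conflicts.append((ip, mac))

    def lock(self):
        """End learning: from now on only confirmed pairs are forwarded."""
        self.locked = True

    def check(self, ip, mac):
        """Return 'forward' or a drop reason for a packet's source IP and MAC."""
        try:
            mac = norm_mac(mac)
        except ValueError:
            return "drop: malformed MAC"
        bound = self.ip_to_mac.get(ip)
        if bound is None:
            return "drop: unbound IP"
        return "forward" if bound == mac else "drop: IP/MAC mismatch"

def run_sample():
    # Constructed addresses: a gateway and two clients confirmed during learning.
    table = BindingTable()
    for ip, mac in [("192.168.1.1", "00-17-16-AA-00-01"),
                    ("192.168.1.10", "00:1e:8c:10:20:30"),
                    ("192.168.1.20", "00:1e:8c:40:50:60")]:
        table.learn(ip, mac)
    table.lock()
    frames = [("192.168.1.10", "00:1E:8C:10:20:30"),  # legitimate client
              ("192.168.1.1", "00:1e:8c:40:50:60"),   # client MAC claiming the gateway IP
              ("192.168.1.77", "02:00:00:ab:cd:ef"),  # changed IP and MAC, never learned
              ("192.168.1.20", "00:1e:8c:40:50")]     # truncated MAC
    return [table.check(ip, mac) for ip, mac in frames]
```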
4. Voice alarm function:
The new Qno Xia Nuo FVR360v/FVR420v has a built-in voice function. Combined with the features above, it can immediately block new-form attacks and at the same time announce the attack as a voice warning. The network administrator can then understand the attack situation in real time, identify the source of the problem through the log function, and isolate it to contain the scope of the damage. Qno Xia Nuo stressed that both protection against attacks and real-time notification must be done well in order to truly help users improve network security.

Figure 2: The new version of the Qno Xia Nuo FVR360v/FVR420v provides a built-in voice function, which can immediately block new-form attacks and announce attacks by voice.

Overall Solution
In addition to router configuration, Qno's Technical Service Department has also drawn on the experience of many senior network administrators in China and offers two notable improvements:
1. Reduce users' chances of using plug-ins
Many attacks in this environment are caused by the use of plug-ins, so reducing the use of plug-ins reduces attacks. Some advanced Internet cafes in China already provide a complete set of plug-ins so that users are not allowed to download software from the Internet, which can reduce attacks. Some Internet cafes are not used to doing this, but it is an effective control method.
2. Work with a layer-3 switch to control the network
Many large and medium-sized Internet cafes in China use layer-3 switches as backbone switches. Layer-3 switches also have many control functions, and if they are put to good use they can also defend better against attacks. It is a pity that some network administrators use layer-3 switches only as ordinary switches!
