Routing Technology, router and network security

Source: Internet
Author: User

The router is one of the most important devices on the Internet. Tens of thousands of routers around the world form the "bridges" of the Internet, a giant information network that keeps running around us day and night. The core communication mechanism of the Internet is a data transmission model called "store and forward". Under this mechanism, all data flowing on the network is sent, transmitted, and received in the form of packets. Any computer connected to the Internet must have a unique network address in order to communicate and exchange information with other machines. Data is not transmitted directly from its starting point to its destination. Instead, before transmission it is divided according to specific standards into segments of a certain length, called data packets. The network address of the destination computer is added to each packet, much like an envelope with the recipient's address written on it, so that the packets do not get lost in transit. Before arriving at the destination, these packets must pass through multiple communication devices or computers on the Internet. The relay stations of ancient times are a good image of this process: on the Internet, routers play the role of the "stations" that forward data packets.

Most popular routers exist as hardware devices, but in some cases "software routers" are implemented as programs. The only difference between the two is execution efficiency. Generally, a router is connected to at least two networks and decides the transmission path of each data packet based on the status of the networks it is connected to. The router generates and maintains a table called the "routing information table", which tracks the addresses and status of adjacent routers. Using this table, the router determines the optimal path for a given packet with optimization algorithms based on criteria such as transmission distance and communication cost. This is what gives the router its "intelligence": it can automatically select and adjust how packets are forwarded according to the actual running status of the adjacent networks, doing its best to deliver packets over the optimal route at minimum cost. The security and stability of routers directly affect Internet activity. Whatever the cause, if a router crashes, denies service, or suffers a sharp drop in operating efficiency, the results will be disastrous.
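The path selection described above can be sketched as follows. This is an added example, not code from the original article. The table contents, the field names, the use of longest-prefix matching and the cost formula (distance plus weighted fee) are assumptions chosen for illustration, and go slightly beyond what the text specifies.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Route:
    prefix: str       # destination network
    next_hop: str     # address of the adjacent router
    distance: int     # transmission distance (e.g. hop count)
    fee: float        # communication cost of the link
    up: bool = True   # tracked status of the adjacent router

# Constructed sample routing information table (documentation addresses).
TABLE = [
    Route("10.0.0.0/8",  "192.0.2.1",   3, 1.0),
    Route("10.1.0.0/16", "192.0.2.2",   2, 5.0),
    Route("10.1.0.0/16", "192.0.2.3",   4, 1.0),
    Route("0.0.0.0/0",   "192.0.2.254", 8, 9.0),
]

def set_neighbor(table, next_hop, up):
    """Return a copy of the table with one adjacent router marked up or down."""
    return [replace(r, up=up) if r.next_hop == next_hop else r for r in table]

def select_route(table, dst, fee_weight=1.0):
    """Pick the route for dst: only neighbors that are up, most specific
    prefix first, then lowest distance + fee_weight * fee (assumed metric)."""
    addr = ipaddress.ip_address(dst)
    usable = [(ipaddress.ip_network(r.prefix), r) for r in table if r.up]
    matches = [(net, r) for net, r in usable if addr in net]
    if not matches:
        return None   # no usable path: the packet cannot be forwarded
    longest = max(net.prefixlen for net, _ in matches)
    best = [r for net, r in matches if net.prefixlen == longest]
    return min(best, key=lambda r: r.distance + fee_weight * r.fee)

if __name__ == "__main__":
    print(select_route(TABLE, "10.1.2.3"))
    print(select_route(set_neighbor(TABLE, "192.0.2.3", False), "10.1.2.3"))
```

When an adjacent router is marked down, the same lookup falls back to the next-best entry, which is the automatic adjustment the paragraph describes.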

The methods hackers use to attack routers are similar to those used against other computers on the Internet, because strictly speaking a router is itself a computer with a special mission, even if it does not look as familiar as a PC. Generally, attacks against routers fall into two types: the first is to obtain management permissions through some means or channel and intrude directly into the system; the second is a remote attack that causes the router to crash or significantly reduces its operating efficiency. Of the two, the former is more difficult.

In the first method, hackers generally exploit the carelessness of system users or known system defects (such as "bugs" in system software) to gain access to the system, and then obtain super-administrator privileges through a series of further actions. It is usually difficult for hackers to gain control of the entire system from the very beginning; in general, this is a gradually escalating intrusion process. Because routers do not have as many user accounts as ordinary systems, and often run dedicated software with relatively high security, it is much more difficult to obtain management rights on a router than to intrude into an ordinary host. Most existing attacks against routers therefore fall into the second type. The ultimate goal of such an attack is not to intrude into the system directly but, by sending aggressive packets to it or sending a large number of "junk" packets at a certain interval, to consume so much of the router's system resources that it cannot work normally or even crashes completely.
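From the defender's side, the second type of attack shows up as an abnormal rate of packets addressed to the router itself. The following is an added detection sketch, not code from the original article. The addresses, the record format (timestamp in milliseconds, source, destination), the one-second window and the threshold are constructed assumptions.

```python
from collections import Counter, deque

ROUTER = "192.0.2.1"   # constructed address of the monitored router

def sample_traffic():
    """Constructed (timestamp_ms, src, dst) records, sorted by time."""
    mgmt = [(i * 500, "198.51.100.10", ROUTER) for i in range(20)]
    transit = [(i * 10, "198.51.100.20", "198.51.100.99") for i in range(1000)]
    burst = [(5000 + i, "203.0.113.7", ROUTER) for i in range(300)]
    return sorted(mgmt + transit + burst)

def detect_floods(packets, router=ROUTER, window_ms=1000, threshold=100):
    """Return one alert per episode in which more than `threshold` packets
    addressed to the router arrive within a sliding `window_ms` window."""
    recent = deque()            # (ts, src) of router-bound packets in window
    alerts, active = [], None
    for ts, src, dst in packets:
        if dst != router:
            continue            # transit traffic is not counted here
        recent.append((ts, src))
        while ts - recent[0][0] >= window_ms:
            recent.popleft()    # drop packets that left the window
        if len(recent) > threshold:
            if active is None:  # threshold just crossed: open a new alert
                top_src, hits = Counter(s for _, s in recent).most_common(1)[0]
                active = {"start_ms": ts, "top_src": top_src,
                          "top_src_packets": hits, "peak": 0,
                          "cleared_ms": None}
                alerts.append(active)
            active["peak"] = max(active["peak"], len(recent))
        elif active is not None:  # rate is back under the threshold
            active["cleared_ms"] = ts
            active = None
    return alerts

if __name__ == "__main__":
    for alert in detect_floods(sample_traffic()):
        print(alert)
```

The alert names the source contributing most packets in the window, which is the starting point for rate limiting or filtering at the upstream device.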

Introduction to Routing Technology

STUN Technology:

STUN is serial tunnel technology. It sends SNA packets from the serial port of the FEP (3745/6) to the router, which encapsulates them in IP packets for transmission across the network of routers. The receiving router then unpacks them, restores them to SNA SDLC packets, and sends them to the SDLC interface device.

CIP technology:

CIP is the Channel Interface Processor. It is a plug-in card that can be conveniently installed in Cisco 7000 series routers. The CIP connects directly to the IBM mainframe to provide multi-protocol inter-network access for it. It carries TCP/IP, SNA, and APPN traffic for the mainframe, eliminating the need for intermediate devices (such as 3172 interconnect controllers and the IBM 3745/6 FEP).

DLSw Technology:

DLSw is an international standard technology that encapsulates SNA packets in IP and transmits them to any router node on the IP network. That router then delivers the SNA packets, either through its serial port to an SDLC interface device or through its Ethernet (or Token Ring) interface, to an SNA node (such as an RS6000).

E1 interface of the MIP:

It provides 30 sub-channels of 64 Kbps each, which can also be combined into a larger sub-channel of N × 64 KB, sufficient to meet the bandwidth requirements for connecting to the local cities for a long time to come.

CiscoWorks:

CiscoWorks is a series of SNMP-based network management applications that can be integrated on the SunNet Manager, HP OpenView, IBM NetView/AIX, and Windows 95/NT platforms. They provide the following functions: remote installation of new routers by way of neighboring routers; a wide range of dynamic status, statistics, and configuration information for Cisco's Internet products; and a visual display of Cisco devices together with basic troubleshooting information.

CiscoWorks also audits and records configuration file changes and detects unauthorized configuration changes on the network. It records the contact information for a specific device alongside the configuration of similar routers in the network, lets you conveniently view a device's status information (including buffer memory, CPU load, available memory, and the interfaces and protocols in use), collects historical network data to analyze network traffic and performance trends and displays them graphically, and provides an authorization check program that protects CiscoWorks applications and network devices from unauthorized users.

Cisco pays particular attention to SNA network management and has specially developed CiscoWorks Blue, a network management application for IBM networks. In addition to the functions above, it adds SNA-type MIBs in the router, supports the NMVT and LU6.2 management modes, and provides SNA management functions such as showing the status of each SNA resource in the network and changing SNA resource status. To help detect problems related to delays in network data streams, it can measure the response time from the host to the LU.

Article entry: csh responsible editor: csh
