Test and solution for ROS and Intranet SYN Attacks

Source: Internet
Author: User
Tags winbox

ROS2.96 is installed on the virtual machine, and the network segment is set to The OK attack starts.
The following SYN attack software appears first
The image of this topic is as follows:
Images related to this topic

After the attack for 2 minutes, no response was made at all, but the ping to ROS started with a high latency, no packet loss, and three machines were connected to attack ROS, and everything was normal. In ROS, we can see a large number of SYN connections. The CPU usage and traffic of the attacked machine are not high, and we strongly suspect that the attack traffic is too small. But why did I use this software to attack my hard route (Fast Connect 4000 ......
It is also worth noting that if winpcap is disabled in the system, the above program is invalid and cannot be attacked.
The second SYN attack software has appeared, namely:
The image of this topic is as follows:
Images related to this topic

This guy is so violent that the ROS attack will immediately increase the latency within 10 seconds, and the packet loss rate will reach 80% within 30 seconds. The time will continue. Only occasionally can ping ROS. Basically, it has been determined that it has crashed. In addition, it is worth noting that this software can also launch Normal attacks on machines that disable winpacp. The attack traffic with this software is so high that it takes just a few minutes.
The image of this topic is as follows:
Images related to this topic

. It seems that the hope to use ROS to defend against SYN attacks is shattered.
Start your mind and think about the flow of data packets through the LINUX firewall, and decide to add a firewall rule in the ros input chain. The idea of this rule is to leave a management IP address that can connect to the ROS Local Machine for convenient management using winbox. All other machines do not reflect the new SYN connection sent by the ROS host when dorp is discarded. Then configure the firewall. The rules are as follows:
The image of this topic is as follows:
Images related to this topic

Images related to this topic

Images related to this topic

After the rules are set, the attack will continue. packet loss will start in about 30 seconds, but the packet loss rate will be greatly reduced. The attack will continue for more than two minutes, with the packet loss rate basically 30%, it is much better than not setting rules before, but it does not completely solve the problem. In addition, we found that the idea is very wrong, that is, ROS is not highly demanding on machine hardware. In fact, ROS still has low requirements on CPU. The stronger the CPU, the longer it takes to defend against attacks.
Note: You must be very careful when setting this rule. Of course, there should also be many people who have other similar setting methods. If someone wants to set this rule by myself, be careful. Otherwise, all machines may be unable to connect to ROS due to incorrect settings and use WINBOX for management. If you accidentally set it to the forward chain, you will not be able to access the network. Remember, it must be an input chain, and the IP addresses used for management must be excluded.
In addition, when setting rules, you forget
The image of this topic is as follows:
Images related to this topic

Set the response time of syn. It is estimated that setting a short time can also play a role.
The conditions and time are limited. Only so many results are tested. The purpose is to encourage others to discuss and study and defend against Intranet attacks.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.