
A casual discussion of the forms of network attack against a data center


A data center faces many kinds of security problems, and network security is an important part of them. A network attack is an attack directed at the network portion of the data center. Such attacks typically cause a chain of problems, such as slow access to data center applications or loss of data, so the data center protects its internal network in every respect to keep it from being attacked. If the network of a data center is paralyzed, the entire data center stops running. So what forms do network attacks take, and on what principles do they work? This article gives a general overview so that the reader can gain a preliminary understanding of network attacks.

Network attacks fall into two situations. One is an attack launched directly from outside the data center: it is open, short and fast, and can quickly cripple the data center network. The other is unauthorized operation from inside the data center: it is hidden, lurking in the data center network for a long time and accumulating imperceptibly until a quantitative change becomes a qualitative one and the network is finally attacked. The two types, one overt and one covert, share the network as their target but differ in how they operate. Attacks launched from outside are fast; if the data center fails to resist them, it is soon overrun. Attacks launched from inside are slow and are wiped out at any sign of carelessness, so during that process the network has many opportunities to defeat them. Whatever kind of attack it is, it either consumes network resources so that network data can no longer be transmitted, or it exploits defects in the IP protocol suite to throw the network's table entries into disorder.

Network resources

Network resources in the data center include bandwidth, CPU, memory, cache, software resources and so on. An attack that seizes these resources makes the network operate abnormally. For example, injecting a large volume of garbage traffic into the data center network occupies the bandwidth; normal business traffic is then starved of bandwidth, congestion and packet loss follow, and the business behaves abnormally. Similarly, a large number of flow control packets can be injected into the network to create the illusion of bandwidth congestion, which lowers the network's forwarding rate and therefore the rate at which business traffic is forwarded.

Network attacks sometimes take the form of protocol attacks against network devices, driving up the CPU load of the device. Switches in particular have relatively weak resistance to CPU attacks. The CPU is mainly responsible for processing control protocols, so when its load is too high the normal processing of some protocol packets is affected, protocols time out and flap, and in serious cases the device stops responding and hangs. When an important node of the data center network is attacked in this way, the protocols of the entire network may stop working properly and the network enters an unstable state.

Network attacks sometimes target device memory, consuming it through a large number of network connections until it is exhausted, at which point the device restarts abnormally and network service is interrupted. If a device has a software bug that leaks memory in some specific case, an attacker may also exploit it: by repeatedly triggering the leak the device's memory is consumed bit by bit until it finally fails. There are also many protocol-level software resources on the network, such as TCP port numbers or TCP session numbers, and exhausting these through an attack is another way to bring the network system down.

It can be seen that consuming network resources is a very important form of network attack. Maliciously using up network resources triggers network exceptions and ends in data center paralysis.
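The session-table exhaustion described above is the resource a device can defend most directly. The following is an added example, not code from the article, showing a bounded session table with a global capacity, a per-source quota and idle ageing, together with the detection side: sources that keep being refused are reported. The capacity values, addresses and the flood scenario are constructed for illustration.

```python
"""Bounded session table with per-source quota and idle ageing.

Added example (not from the article). A table that only has a global
capacity can be filled by a single flooding source; the per-source quota
keeps slots available for other hosts, and the rejection counters give
the operator a signal about which source is responsible.
"""
from collections import defaultdict


class SessionTable:
    def __init__(self, capacity, per_source_limit, idle_timeout):
        self.capacity = capacity              # total session slots on the device
        self.per_source_limit = per_source_limit  # slots one source IP may hold
        self.idle_timeout = idle_timeout      # seconds before an idle session is aged out
        self.sessions = {}                    # (src, dst, sport, dport) -> last-seen time
        self.per_source = defaultdict(int)    # src -> number of slots held
        self.rejected = defaultdict(int)      # src -> number of refused opens

    def _remove(self, key):
        del self.sessions[key]
        self.per_source[key[0]] -= 1

    def expire(self, now):
        """Age out sessions idle longer than idle_timeout; returns how many were dropped."""
        stale = [k for k, t in self.sessions.items() if now - t > self.idle_timeout]
        for key in stale:
            self._remove(key)
        return len(stale)

    def open(self, key, now):
        """Admit a session keyed by (src, dst, sport, dport); returns True if it got a slot."""
        src = key[0]
        if key in self.sessions:              # existing session: just refresh its timestamp
            self.sessions[key] = now
            return True
        self.expire(now)                      # reclaim idle slots before deciding
        if (self.per_source[src] >= self.per_source_limit
                or len(self.sessions) >= self.capacity):
            self.rejected[src] += 1
            return False
        self.sessions[key] = now
        self.per_source[src] += 1
        return True


def suspicious_sources(table, threshold):
    """Sources refused more than `threshold` times: candidates for a block or a rate limit."""
    return sorted(src for src, n in table.rejected.items() if n > threshold)


def simulate_flood(table, flood_src, flood_count, now=0):
    """Constructed scenario: one source opens flood_count sessions to a web server."""
    accepted = 0
    for i in range(flood_count):
        if table.open((flood_src, "10.0.0.10", 40000 + i, 443), now):
            accepted += 1
    return accepted


if __name__ == "__main__":
    t = SessionTable(capacity=100, per_source_limit=10, idle_timeout=60)
    print("flood slots granted:", simulate_flood(t, "192.0.2.1", 500))
    print("other host admitted:", t.open(("198.51.100.7", "10.0.0.10", 5000, 443), 0))
    print("suspicious:", suspicious_sources(t, threshold=100))
```

The quota is enforced before the global capacity check on purpose: a flooding source is refused while the table is still mostly empty, so legitimate hosts never compete with it for the last few slots.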

Exploiting defects

Although Ethernet has been developed for more than 40 years, its protocols still contain loopholes and security problems, and many network attacks exploit these known flaws. The defects include flaws in network systems, software vulnerabilities, the working mechanisms of protocols, and so on. IP fragmentation handling, for example, is a frequent source of attacks. Two bytes in the IP header give the total length of the IP packet, so an IP packet can be at most 0xFFFF, that is, 65535 bytes. If oversized packets with a total length exceeding 65535 bytes are deliberately sent, some older system kernels fail while processing them, leading to a crash or denial of service. If the offsets between IP fragments are carefully constructed, some systems cannot handle them and crash. Ping of Death, Teardrop and Jolt2 all rest on the principle of sending abnormal IP fragments: if the operating system kernel does not account for every abnormal case when reassembling fragments, an exception can result.

There are also many kinds of attacks against network protocols; almost every one of the seven layers can be attacked. Even ARP, the most widely used of all, has protocol weaknesses, and ARP spoofing is one of them. The cause is a defect in the handling of the ARP cache table: when a host receives an ARP reply, it does not check whether it ever sent an ARP request to that host. Instead it writes the IP-to-MAC correspondence from the reply straight into its ARP cache, replacing the existing entry if one already exists for that IP. By impersonating the gateway or another host, ARP spoofing causes traffic bound for the gateway or that host to be forwarded through the attacker, who can then control or inspect it, either manipulating the traffic or obtaining confidential information. A great many common network protocols, such as ICMP, TCP and DHCP, have defects, because the early design of network protocols paid little attention to security and concentrated on interoperability instead. In the later design of IPv6, security was treated as an important factor, so security in the IPv6 protocol has been greatly improved.
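Both defects above come down to a host accepting input it never validated: fragments whose combined length or offsets make no sense, and ARP replies it never asked for. The following is an added example, not code from the article or from any operating system, of the two checks a hardened host-side implementation would apply: a fragment reassembler that enforces the 65535-byte limit, rejects overlapping fragments and gaps, and checks the more-fragments flag, plus an ARP cache that only accepts replies matching an outstanding request and reports any change to a learned MAC. Field semantics follow RFC 791 and RFC 826; the fragment sets, addresses and MACs are constructed test data.

```python
"""Hardened handling of two inputs the article discusses: IP fragments and ARP
replies. Added example, not code from the article or from a real kernel.
"""

IP_MAX_LEN = 0xFFFF   # 16-bit total-length field: a datagram can never exceed 65535 bytes
IP_MIN_HDR = 20       # smallest possible IPv4 header; reassembled payload + header must fit


class FragmentError(ValueError):
    """Raised for any fragment set a careful reassembler must refuse."""


def reassemble(fragments):
    """Reassemble one datagram from (offset_bytes, more_fragments, payload) tuples.

    Refuses sets that would exceed 65535 bytes (Ping of Death style), overlapping
    or duplicated fragments (Teardrop style), missing fragments, and fragments
    whose more-fragments flag disagrees with their position.
    """
    if not fragments:
        raise FragmentError("no fragments")
    frags = sorted(fragments, key=lambda f: f[0])
    expected = 0
    out = bytearray()
    for i, (offset, more, payload) in enumerate(frags):
        if offset % 8:
            raise FragmentError("offset not a multiple of 8")
        end = offset + len(payload)
        if end + IP_MIN_HDR > IP_MAX_LEN:
            raise FragmentError("reassembled datagram would exceed 65535 bytes")
        if offset < expected:
            raise FragmentError("overlapping fragment")
        if offset > expected:
            raise FragmentError("missing fragment")
        last = (i == len(frags) - 1)
        if bool(more) == last:           # MF must be set on every fragment except the last
            raise FragmentError("more-fragments flag inconsistent with fragment position")
        out += payload
        expected = end
    return bytes(out)


def check_fragments(fragments):
    """Return "" if the set reassembles cleanly, otherwise the reason it was refused."""
    try:
        reassemble(fragments)
    except FragmentError as exc:
        return str(exc)
    return ""


class ArpCache:
    """ARP cache that ignores unsolicited replies and flags MAC changes.

    Design choice (this example, not a standard): a changed MAC for a known IP is
    recorded as an alert and the old binding is kept until an operator confirms it.
    """

    def __init__(self):
        self.pending = set()   # IPs we have sent a request for and await a reply
        self.table = {}        # ip -> mac learned from an accepted reply
        self.alerts = []       # (kind, ip, ...) records for the operator

    def request(self, ip):
        self.pending.add(ip)

    def reply(self, ip, mac):
        """Process a received ARP reply; returns True if the binding was accepted."""
        if ip not in self.pending:
            self.alerts.append(("unsolicited_reply", ip, mac))
            return False
        self.pending.discard(ip)
        old = self.table.get(ip)
        if old is not None and old != mac:
            self.alerts.append(("mac_changed", ip, old, mac))
            return False
        self.table[ip] = mac
        return True


if __name__ == "__main__":
    print(check_fragments([(0, True, b"A" * 8), (8, False, b"B" * 4)]) or "fragments ok")
    print(check_fragments([(0, True, b"A" * 16), (8, False, b"B" * 8)]))
    cache = ArpCache()
    cache.request("10.0.0.1")
    print(cache.reply("10.0.0.1", "aa:aa:aa:aa:aa:aa"), cache.reply("10.0.0.1", "bb:bb:bb:bb:bb:bb"))
    print(cache.alerts)
```

The reassembler checks the size limit before the overlap and gap checks so that an oversized set is refused even when its fragments are otherwise well formed; the ARP cache's alert list is the part worth wiring to monitoring, since a burst of unsolicited replies or a gateway whose MAC suddenly changes is exactly the signal that spoofing is under way.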

Whether an attack consumes network resources or exploits protocol defects, its ultimate aim is to damage the data center network. The effect such attacks expect is basically to break the network and paralyze the data center. Obtaining confidential data through a network attack is rare, because the core data of a data center resides for the most part in storage devices; intercepting and decoding the massive volume of data while it is in transit in order to pick out confidential data piece by piece would be a very complex and difficult process, and finding the valuable data among that mass is time-consuming as well. Network attacks therefore mainly aim at destructive effects, and their strength lies chiefly in destructive power. Recently the network security problem of the data center has attracted increasing attention. The network protocol standards were issued long ago and cannot be changed much, so the data center needs to build targeted protection based on the common patterns of network attack, place security devices at key locations, and protect its fragile network system.