
IDC Traffic Flow Analysis And Cleaning Of Attacking And Defending Discussion

Posted on: 2011-02-12
Degree: Master
Type: Thesis
Country: China
Candidate: Z L Tong
Full Text: PDF
GTID: 2198330338953478
Subject: Electronics and Communications Engineering

Abstract/Summary:
With the rapid development of Internet technology, the types of business hosted in IDCs keep multiplying, covering video, games, finance and other fields, and the number of customers is growing exponentially, so the corresponding network traffic characteristics and network security have become particularly important.

When IDCs first appeared in China in the mid-1990s, their outbound bandwidth was still small. It then grew slowly from hundreds of MB to thousands of MB, and has now developed rapidly to 10GB or even dozens of GB. The interface type has developed from the earlier ATM to the current POS. As egress bandwidth increases, traffic acquisition, the basic component of IDC flow analysis, is also changing. In the past, when bandwidth was only hundreds or thousands of Mbps, port mirroring could be used to collect all inbound and outbound traffic. With the arrival of 2.5G/10G/40G interfaces, deploying port mirroring, probes and bypass monitoring to collect traffic has undoubtedly become more and more difficult. The deployment level has to keep moving down and more and more points have to be deployed, and the resulting high deployment cost means these traffic acquisition techniques are gradually being eliminated from practical use in IDCs. In response to the need to analyse the origin, destination and application categories of huge traffic flows, equipment manufacturers have proposed the concept of FLOW, such as Cisco's NetFlow, Juniper's CFlowd, the sFlow of HP/NEC/Alcatel/Foundry/Extreme and others, and Huawei's NetStream. Cisco's NetFlow in particular has been widely used in IDCs.

This paper gives a comprehensive exposition of the principles of traffic data collection and the commonly used techniques, and of the operation of the Tianjin Unicom IDC network. It extracts and analyses the performance indicators of the various types of Tianjin Unicom IDC network equipment and the current network traffic model, and analyses the overall IDC traffic comprehensively, focusing on the main traffic data collection methods: SNMP, port mirroring/probe/bypass, FLOW and RMON. Based on the traffic analysis needs and the existing equipment, it proposes a solution for comprehensive traffic collection and traffic flow analysis. It also improves the use of the existing network traffic monitoring system: a simple ASP page and SQL database read the alarm codes sent by the system and relay them to the SMS network, providing real-time traffic warning alarms by message.

On network attack and defense, the paper discusses in depth the common types of cyber attack and analyses their attack signatures, and examines the popular DoS/DDoS attacks in detail. The abnormal traffic detection covered includes traffic anomaly (Traffic Anomaly) detection, protocol misuse anomaly (Protocol-Misuse Anomaly) detection, network application anomaly (Application Anomaly) detection, network interface traffic anomaly (Interface Traffic Anomaly) detection and BGP hijack anomaly (BGP Hijack) detection. Through further development of the functions of the existing network traffic system, Genie, automatic and manual linkage with Cisco GUARD equipment is achieved as a technical innovation, support for ACLs is added as a further technical innovation, and attack defense linked with the traffic cleaning equipment and other mitigation features are successfully implemented.

The purpose of this work is to improve the quality of the whole Tianjin Unicom network and to provide the IDC with high-quality network support. Using the above analysis results, and relying on IDC network optimization experience, technical knowledge and routine maintenance, it selects network optimization methods through traffic sampling and the observation and analysis of data, and carries out the design, development and implementation of a network optimization program for the whole network, including simulation testing and the implementation of security hardening. Multiple IDC data rooms are selected as instances for analysis to further verify how the network optimization solution improves the network's indicators, the important guiding role of IDC flow analysis in network construction, and the importance of attack-defense cleaning to IDC communications quality and customer support functions...
Keywords/Search Tags: SNMP, NetFlow, Flow Collection, Flow Clean