SoFunction
Updated on 2025-04-11

Routing technology, router and network security

 

Routers are among the most important devices on the Internet. Tens of thousands of routers spread across the world form the "bridges" of the Internet, a giant information network that runs around us day and night. The core communication mechanism of the Internet is a data transmission model called "store and forward". Under this mechanism, all data flowing on the network is sent, relayed and received in the form of packets. Any computer connected to the Internet must have a unique network "address" in order to communicate and exchange information with other machines. Data is not transmitted directly from its starting point to its destination. Instead, it is divided into fragments of a certain length according to specific standards before transmission, and each packet is labeled with the network address of the destination computer, much like an envelope bearing the recipient's address, so that the packet will not get "lost" in transit. Before reaching the destination, these packets must be forwarded and relayed by successive communication devices or computers on the Internet. The relay stations of the ancient postal system are a vivid metaphor for this process: on the Internet, routers play the role of the "post stations" that forward packets.

Most routers in common use are hardware devices, but in some cases programs are used to implement "software routers". The only difference between the two is execution efficiency. A router is generally attached to at least two networks and determines the transmission path of each packet based on what it knows about the state of the connected networks. The router generates and maintains a table called the "routing information table", in which it tracks the addresses and status of adjacent routers. Using this table, the router determines the optimal transmission path for a given packet according to optimization criteria such as transmission distance and communication cost. This characteristic is what gives the router its "intelligence": it can automatically select and adjust how packets are forwarded according to the actual condition of adjacent networks, doing its best to deliver packets over the best route at the lowest cost. Whether routers operate safely and stably directly affects the functioning of the Internet. Whatever the cause, if a router crashes, denies service, or suffers a sharp decline in operating efficiency, the result will be disastrous.

The methods of attacking routers are similar to those used against other computers on the Internet because, strictly speaking, a router is itself a computer with a special mission, even though it may not look like the PCs people are familiar with. Generally speaking, hackers' attacks on routers fall into two types: one is to obtain management privileges by some means and break directly into the system; the other is to use remote attack methods to make the router crash or to significantly reduce its operating efficiency. Of the two, the former is more difficult.

In the first type of intrusion, hackers generally exploit the carelessness of the system's users or known system defects (such as bugs in the system software) to gain access to the system, and ultimately obtain super-administrator rights through a series of further actions. It is generally difficult for hackers to gain control of the entire system at the outset; under normal circumstances, this is an intrusion process of gradual escalation. Because routers do not have many user accounts as ordinary systems do, and often run special-purpose software with relatively high security, obtaining management rights on a router is much harder than breaking into an ordinary host. Therefore, most existing attacks against routers belong to the second type. The ultimate purpose of such an attack is not to break into the system directly, but to send attack packets to the system, or to send it a huge number of "garbage" packets at a certain time interval, thereby consuming a large share of the router's system resources so that it cannot work normally or even crashes completely.
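
From the defender's side, the second type of attack appears as a sudden rise in packets addressed to the router itself. The following is an added example, not part of the original article: it flags such bursts in packet records with a sliding window and reports whether one source dominates. The addresses, record format, window and threshold are assumptions, and the traffic is constructed.

```python
from collections import Counter, deque

ROUTER = "192.0.2.1"  # assumed router address (documentation range)

def detect_floods(packets, router=ROUTER, window_ms=1000, threshold=100):
    """Find bursts where packets addressed to the router exceed `threshold`
    per sliding window. packets: (time_ms, src, dst) tuples sorted by time."""
    recent = deque()      # (time_ms, src) of router-bound packets in the window
    per_src = Counter()   # per-source counts for the packets in `recent`
    alerts, burst = [], None
    for ts, src, dst in packets:
        if dst != router:             # transit traffic is not counted
            continue
        recent.append((ts, src))
        per_src[src] += 1
        while recent[0][0] <= ts - window_ms:   # expire old samples
            _, old = recent.popleft()
            per_src[old] -= 1
        rate = len(recent)
        if rate > threshold:
            if burst is None:         # first sample above the threshold
                burst = {"start": ts, "peak": 0}
            if rate > burst["peak"]:  # remember the worst moment of the burst
                top, n = per_src.most_common(1)[0]
                burst.update(peak=rate, top_src=top, top_share=n / rate)
            burst["end"] = ts         # last sample seen above the threshold
        elif burst is not None:       # rate fell back: close the burst
            alerts.append(burst)
            burst = None
    if burst is not None:
        alerts.append(burst)
    return alerts

def sample_traffic():
    """Constructed records: light management traffic, transit traffic, and a
    2-second burst of 500 packets/s aimed at the router."""
    pkts = [(i * 100, "192.0.2.50", ROUTER) for i in range(100)]
    pkts += [(i * 50, "203.0.113.9", "198.51.100.20") for i in range(200)]
    pkts += [(4000 + i * 2, "198.51.100.7", ROUTER) for i in range(1000)]
    return sorted(pkts)

if __name__ == "__main__":
    for alert in detect_floods(sample_traffic()):
        print(alert)
```

A high `top_share` points to a single sender that can be filtered or rate-limited upstream; a low one means the load is spread over many sources.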

Introduction to routing technology

STUN technology:

STUN is serial tunnel technology. SNA packets are sent from the serial port of the FEP (3745/6) to a router, encapsulated into IP packets by the router, and then transmitted across the network formed by the routers. At the far end, a router unpacks them and restores them to SNA SDLC packets, which are sent to the SDLC interface device.

CIP technology:

CIP is the Channel Interface Processor. It is a card that can be easily installed in Cisco 7000 series routers. By connecting directly to the channel of an IBM computer, CIP gives IBM computers access to multiprotocol internetworks. It delivers TCP/IP, SNA and APPN traffic to the host, thus eliminating the need for intermediate devices such as the 3172 interconnect controller and the IBM 3745/6 FEP.

DLSw technology:

DLSw is an international standard technology. It encapsulates SNA packets in IP, transmits them across the IP network to any router node on that network, and then delivers them through the router's serial port to an SDLC interface device, or to an SNA node (such as an RS6000) that carries SNA packets over the LLC2 link-layer protocol.

An E1 interface of MIP:

It can provide 30 sub-channels of 64 Kbps each, and the channels can also be combined into larger N×64K sub-channels, which is enough to meet the bandwidth requirements for connecting with municipal banks for a considerable period of time.

CiscoWorks:

The CiscoWorks network management applications are a series of SNMP-based management applications that can be integrated on the SunNet Manager, HP OpenView, IBM NetView/AIX and Windows 95/NT platforms. The main functions provided are: allowing remote installation of new routers; providing a wide range of dynamic status, statistics and configuration information for Cisco's internetworking products; displaying Cisco devices intuitively in graphical form, together with basic troubleshooting information; auditing and recording changes to configuration files and detecting unauthorized configuration changes on the network; facilitating the configuration of similar routers in the network; recording the contact person for a specific device; viewing the status information of a device, including buffers, CPU load, available memory, and the interfaces and protocols in use; collecting historical network data, analyzing network traffic and performance trends, and displaying them graphically; and establishing authorization checking procedures to protect CiscoWorks applications and network devices from access by unauthorized users.

It is worth noting in particular that, in order to manage SNA internetworks well, Cisco has developed the CiscoWorks Blue network management application specifically for IBM network management. In addition to supporting the functions above, it adds SNA-type MIBs in the router, supports the NMVT and LU6.2 management methods, and provides SNA management functions such as: showing the status of every SNA resource in the network and allowing that status to be changed; helping to detect problems related to delays in network data flow; and measuring the response time from the host to the LU.

Article entry: csh     Editor in charge: csh