Tóth Péter Zoltán,
Siemens Rt. Information and Communication Networks
Denial of Service attacks are common across the Internet. A recent increase in reported attacks against routers and other network components has drawn the attention of network operators to security issues of public networking infrastructure.
What all DoS attacks have in common is that they render the network
incapable of providing some expected service or deprive users of receiving an
offered service. The presentation introduces basic types of DoS attacks, such
as SYN flood, ICMP flood, UDP flood and
distributed DoS attacks. Attack prevention and detection mechanisms include
firewall filtering, rate limiting, spoofed address filtering, blocking
broadcast amplification, counting and logging.
Network security requires intensive filtering on every element of a
provider network. Traditional CPU based routers lack the computing capacity
required for filtering traffic. Switching on filters or access lists usually
degrades performance and throughput. Thus security is matter of compromise.
Latest generation of provider routers is designed with ASIC technology
providing sufficient performance for IP features including extensive firewall
filtering.
Juniper Networks routers are built from the ground up for service provider requirements. Its Internet Processor ASIC is not only a cornerstone of its technology leadership, but also an essential tool for providing routing scalability, security, rich IP feature set, provider reliability. Juniper networks routers form the heart of GEANT the European Academic Internetwork and also many national academic networks throughout Europe. Juniper Networks T640 is today the only IP routing platform prepared for Terabit routing.