TM controls the network traffic easily
Let us look at an example first. On May 19 of this year, the Chinese Internet ran into rare trouble. From 9:50 p.m. that day, Internet users in six provinces (Jiangsu, Anhui, Guangxi, Hainan, Gansu and Zhejiang) noticed almost simultaneously that the network was responding slowly, and for more than three hours afterwards they were unable to access the network. Internet service in the affected areas did not basically return to normal until 1:20 a.m. the next day. The 519 incident thus became one of the larger Internet outages in China in recent years.
The cause lay in a fight between two game websites. One of them resorted to having a hacker attack the rival's DNS hosting provider, DNSPod, in order to paralyse the rival's website. On the evening of May 19, four people launched a DDoS attack, the most common kind of attack on the Internet, using many Trojan-infected computers to bombard DNSPod. In little more than ten minutes, this domain name service provider's servers could no longer bear the load.
DNSPod person in charge: "We could see that the first wave of the attack began at 21:17, and then at 21:35 the attack traffic reached its peak, probably more than one G." In less than half an hour, DNSPod's servers were paralysed, and the hackers easily achieved their goal of taking down the targeted website. What they had not expected was that this server also hosted the domain names of 130,000 websites in China, among them China's well-known video player software and online video provider, Storm Audio-Visual (Baofeng Yingyin). A setting in the Storm Audio-Visual software turned the hacker attack into the push that topples the first domino, and the situation escalated. In the 519 incident, after DNSPod was attacked, the stormliv process in the Storm Audio-Visual program kept trying to connect to the Storm website; because its requests could not be answered, it sent network requests constantly and in large volume, which finally caused the large-area network congestion. (Case taken from the Internet.)
However, the reflection prompted by this outage does not end there. At present a very large number of abnormal-traffic attacks are driven by financial interests, and many companies encounter this kind of attack often. As a company's network administrator, how should one guard against such fierce abnormal-traffic attacks and ensure the company's information security?
The network monitoring system Broadview NCC, independently developed by Beijing Guangtong Xinda Science and Technology Co., Ltd., is positioned as a comprehensive management system for the network equipment, services, applications and security equipment in a network, with functions such as topology discovery, monitoring, flow analysis, fault management and security. By continuously monitoring the running state of each monitored target, it builds the network topology, finds abnormal states in the system and raises alarms or early warnings in time. It improves the operating efficiency and service quality of the operation and maintenance of all kinds of resources, ensuring that the enterprise's integrated information platform runs in a healthy and orderly way.
The flow analysis function of Guangtong Xinda's Broadview NCC captures data packets in the network and analyses and counts them along dimensions such as protocol, source and destination. Traffic information is collected mainly through NetFlow, sFlow, NetStream, port mirroring, etc. The flow analysis functions include:
Provides inflow analysis, protocol hierarchy analysis, application analysis, etc.;
Provides various ranking analyses;
Provides a terminal traffic matrix view and a TCP connection session matrix view.
The system supports analysis of application-layer protocols such as P2P, IM (instant messaging) and VoIP.
It automatically generates daily, weekly, monthly, quarterly and annual reports on device connection rate, device performance trends, device faults, total device traffic, server survival rate, link connectivity, bandwidth and so on, and supports export in PDF and Excel formats. The real-time flow analysis system helps users understand the traffic information of the overall network and the detailed information of each terminal. It consists of three parts: summary, all-protocol statistics, and IP protocol statistics.
Flow analysis helps administrators understand more clearly how traffic is distributed on each network link, so that they can easily analyse the network's traffic, traffic direction and the traffic of network devices across the whole network. This lets administrators manage easily and at a finer granularity, improves network bandwidth utilization, and keeps the enterprise network unobstructed and stable.
Broadview NCC presents whole-network traffic statistics in the form of charts: traffic reports, overall protocol distribution, overall TCP/UDP distribution, and the distribution of TCP/UDP traffic by port. It can also analyse terminal traffic in depth, obtaining for any terminal its local-to-local, local-to-remote, remote-to-local and remote-to-remote IP traffic, shown in the form of charts. This makes it convenient for administrators to monitor each terminal device, so that when abnormal traffic appears it can be located accurately, keeping network traffic normal and orderly.
In sum, the flow analysis function of Guangtong Xinda's Broadview NCC gives a clear view of each server's access sources, source addresses, destination addresses and so on. When abnormal traffic exists, the traffic can be analysed quickly to find behaviour such as ARP viruses, abnormal worm traffic, BT traffic and other abnormal network traffic, effectively avoiding needless losses.
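The per-dimension counting, ranking and traffic matrix views described above, plus a check for the 519-style pattern of hosts sending DNS requests that never get answered, as an added Python sketch (not Broadview NCC code). The `Flow` record layout, the sample records and the `min_packets` threshold are assumptions made for the illustration.

```python
from collections import Counter, namedtuple

# Field layout is an assumption, loosely modelled on what a flow export carries.
Flow = namedtuple("Flow", "src dst proto dport bytes_out bytes_in packets")

# Constructed sample records (private/documentation addresses), not real traffic.
FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", "TCP", 80, 12000, 480000, 400),
    Flow("10.0.0.5", "198.51.100.53", "UDP", 53, 300, 900, 4),
    Flow("10.0.0.7", "198.51.100.53", "UDP", 53, 96000, 0, 1500),
    Flow("10.0.0.8", "198.51.100.53", "UDP", 53, 88000, 0, 1400),
    Flow("10.0.0.9", "203.0.113.20", "TCP", 443, 7000, 150000, 160),
    Flow("10.0.0.9", "198.51.100.53", "UDP", 53, 240, 700, 3),
]

def totals_by(flows, dimension):
    """Total bytes per value of one dimension: 'proto', 'src' or 'dst'."""
    totals = Counter()
    for f in flows:
        totals[getattr(f, dimension)] += f.bytes_out + f.bytes_in
    return totals

def top_n(flows, dimension, n=3):
    """Ranking view: the n largest contributors along a dimension."""
    return totals_by(flows, dimension).most_common(n)

def traffic_matrix(flows):
    """Terminal traffic matrix: total bytes per (source, destination) pair."""
    matrix = Counter()
    for f in flows:
        matrix[(f.src, f.dst)] += f.bytes_out + f.bytes_in
    return matrix

def unanswered_dns_sources(flows, min_packets=1000):
    """Hosts sending many UDP/53 packets while receiving no reply bytes.

    min_packets is an assumed threshold; tune it against a normal baseline.
    """
    sent, received = Counter(), Counter()
    for f in flows:
        if f.proto == "UDP" and f.dport == 53:
            sent[f.src] += f.packets
            received[f.src] += f.bytes_in
    return sorted(s for s in sent if sent[s] >= min_packets and received[s] == 0)

if __name__ == "__main__":
    print(top_n(FLOWS, "proto"))
    print(top_n(FLOWS, "src", 2))
    print(unanswered_dns_sources(FLOWS))
```

In the sample data, hosts that resolve names normally show reply bytes on their DNS flows, while the two hosts retrying against an unresponsive resolver stand out with high packet counts and no replies.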