16-TCP attack prevention configuration
Configuring TCP attack prevention
About TCP attack prevention
TCP attack prevention can detect and prevent attacks that exploit the TCP connection establishment process.
Configuring Naptha attack prevention
About this task
Naptha is a DDoS attack that targets operating systems. It exploits resource-consumption weaknesses in the TCP/IP stack and in network application processes. The attacker establishes a large number of TCP connections in a short period of time and leaves them in certain states without requesting any data. These TCP connections starve the victim of system resources, resulting in a system breakdown.
After you enable Naptha attack prevention, the device periodically checks the number of TCP connections in each state (CLOSING, ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, and LAST_ACK). If the number of TCP connections in a state exceeds the limit, the device accelerates the aging of the TCP connections in that state to mitigate the Naptha attack.
Procedure
1. Enter system view.
system-view
2. Enable Naptha attack prevention.
tcp anti-naptha enable
By default, Naptha attack prevention is disabled.
3. (Optional.) Set the maximum number of TCP connections in a state.
tcp state { closing | established | fin-wait-1 | fin-wait-2 | last-ack } connection-limit number
By default, the maximum number of TCP connections in each state (CLOSING, ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, and LAST_ACK) is 50.
To prevent the device from accelerating the aging of TCP connections in a state, set the limit for that state to 0.
4. (Optional.) Set the interval for checking the number of TCP connections in each state.
tcp check-state interval interval
By default, the interval for checking the number of TCP connections in each state is 30 seconds.
Configuring TCP connection attack prevention
About this task
This feature enables the device to count the error packets received on each established TCP connection. If the number of error packets received on a TCP connection within a statistics interval (one second) exceeds the threshold, the device determines that the TCP connection is under attack and tears down the connection. If you enable logging for TCP connection attack prevention, the device also generates a log for each attacked TCP connection.
Procedure
1. Enter system view.
system-view
2. Enable TCP connection attack prevention.
tcp abnormal-packet-defend [ log | threshold threshold-value ]*
By default, TCP connection attack prevention is disabled.
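The following configuration applies both procedures above (Naptha attack prevention and TCP connection attack prevention) with explicit values. It is an added example, not configuration from the guide; the numeric limits, interval and threshold are illustrative assumptions and must fall within the ranges given in the command reference for the device.

```text
# Added example (not from the guide). Values are illustrative assumptions.
system-view
# Naptha attack prevention is disabled by default; enable it.
tcp anti-naptha enable
# Aging is accelerated only once a state's count exceeds its limit, so set the
# ESTABLISHED limit above the number of sessions the device legitimately holds;
# a limit below normal load would age good sessions early.
tcp state established connection-limit 200
# Half-closed states rarely hold many legitimate connections; keep them tighter
# than the default limit of 50.
tcp state fin-wait-1 connection-limit 30
tcp state fin-wait-2 connection-limit 30
tcp state last-ack connection-limit 30
# A limit of 0 disables accelerated aging for that state only (here, CLOSING).
tcp state closing connection-limit 0
# Check the per-state counts every 10 seconds instead of the default 30.
tcp check-state interval 10
# TCP connection attack prevention: tear down a connection that receives more
# than 20 error packets within the one-second statistics interval, and log it.
tcp abnormal-packet-defend log threshold 20
```

Verify the result in the running configuration before saving it, and compare the chosen limits against the device's normal per-state connection counts so that legitimate sessions are not aged early.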