EasyManua.ls Logo

HPE FlexFabric 5940 SERIES

HPE FlexFabric 5940 SERIES
571 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
428
An ICMPv6 flood attacker sends ICMPv6 request packets, such as ping packets, to a host at a
fast rate. Because the target host is busy replying to these requests, it is unable to provide
services.
UDP flood attack.
A UDP flood attacker sends UDP packets to a host at a fast rate. These packets consume a
large amount of the target host's bandwidth, so the host cannot provide other services.
TCP fragment attack
An attacker launches TCP fragment attacks by sending attack TCP fragments defined in RFC 1858:
First fragments in which the TCP header is smaller than 20 bytes.
Non-first fragments with a fragment offset of 8 bytes (FO=1).
Typically, packet filter detects the source and destination IP addresses, source and destination ports,
and transport layer protocol of the first fragment of a TCP packet. If the first fragment passes the
detection, all subsequent fragments of the TCP packet are allowed to pass through.
Because the first fragment of attack TCP packets does not hit any match in the packet filter, the
subsequent fragments can all pass through. After the receiving host reassembles the fragments, a
TCP fragment attack occurs.
To prevent TCP fragment attacks, enable TCP fragment attack prevention to drop attack TCP
fragments.
Login dictionary attack
The login dictionary attack is an automated process to attempt to log in by trying all possible
passwords from a pre-arranged list of values (the dictionary). Multiple login attempts can occur in a
short period of time.
You can configure the login delay feature to slow down the login dictionary attacks. This feature
enables the device to delay accepting another login request after detecting a failed login attempt for
a user.
Attack detection and prevention configuration task
list
Tasks at a glance
(Required.) Configuring an attack defense policy:
(Required.) Creating an attack defense policy
(Required.) Perform at least one of the following tasks to configure attack detection:
{ Configuring a single-packet attack defense policy
{ Configuring a scanning attack defense policy
{ Configuring a flood attack defense policy
(Optional.) Configuring attack detection exemption
(Required.) Applying an attack defense policy to the device
(Optional.) Enabling log non-aggregation for single-packet attack events
(Optional.) Configuring TCP fragment attack prevention
(Optional.) Enabling the login delay

Table of Contents

Other manuals for HPE FlexFabric 5940 SERIES

Related product manuals