442
Configuring TCP attack prevention
Overview
TCP attack prevention can detect and prevent attacks that exploit the TCP connection establishment
process.
Configuring Naptha attack prevention
Naptha is a DDoS attack that targets operating systems. It exploits the resources consuming
vulnerability in TCP/IP stack and network application process. The attacker establishes a large
number of TCP connections in a short period of time and leaves them in certain states without
requesting any data. These TCP connections starve the victim of system resources, resulting in a
system breakdown.
After you enable Naptha attack prevention, the device periodically checks the number of TCP
connections in each state (CLOSING, ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, and LAST_ACK).
If the number of TCP connections in a state exceeds the limit, the device will accelerate the aging of
the TCP connections in that state to mitigate the Naptha attack.
To configure Naptha attack prevention:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enable Naptha attack
prevention.
tcp anti-naptha enable
By default, Naptha attack
prevention is disabled.
3. (Optional.) Set the maximum
number of TCP connections
in a state.
tcp state
{
closing
|
established
|
fin-wait-1
|
fin-wait-2
|
last-ack
}
connection-limit
number
By default, the maximum number
of TCP connections in each state
(CLOSING, ESTABLISHED,
FIN_WAIT_1, FIN_WAIT_2, and
LAST_ACK) is 50.
To disable the device from
accelerating the aging of the TCP
connections in a state, set the
value to 0.
4. (Optional.) Set the interval
for checking the number of
TCP connections in each
state.
tcp check-state interval
interval
By default, the interval for
checking the number of TCP
connections in each state is 30
seconds.
To Next Page
Loading...
Need help?
General