EasyManua.ls Logo

HPE FlexNetwork 5510 HI Series

HPE FlexNetwork 5510 HI Series
551 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
460
Configuring attack detection and
prevention
Overview
Attack detection and prevention enables a device to detect attacks by inspecting arriving packets,
and to take prevention actions, such as packet dropping, to protect a private network.
The device supports only TCP fragment attack prevention.
Configuring TCP fragment attack prevention
The TCP fragment attack prevention feature enables the device to drop attack TCP fragments to
prevent TCP fragment attacks that traditional packet filter cannot detect. As defined in RFC 1858,
attack TCP fragments refer to the following TCP fragments:
First fragments in which the TCP header is smaller than 20 bytes.
Non-first fragments with a fragment offset of 8 bytes (FO=1).
To configure TCP fragment attack prevention:
Step
Command
Remarks
1. Enter system view. system-view
N/A
2. Enable TCP fragment attack
prevention.
attack-
defense tcp fragment
enable
By default, TCP fragment attack
prevention is enabled.

Table of Contents

Other manuals for HPE FlexNetwork 5510 HI Series

Preview: Configuration Guide
Configuration Guide572 pages
Preview: Fundamentals Configuration Guide
Fundamentals Configuration Guide209 pages
Preview: Layer 3 - Ip Routing Configuration Guide
Layer 3 - Ip Routing Configuration Guide486 pages
Preview: Network Management And Monitoring Configuration Guide
Network Management And Monitoring Configuration Guide331 pages
Preview: Macsec Configuration Guide
Macsec Configuration Guide27 pages
Preview: Acl And Qos Configuration Guide
Acl And Qos Configuration Guide114 pages
Preview: Mpls Configuration Guide
Mpls Configuration Guide505 pages
Preview: Openflow Configuration Guide
Openflow Configuration Guide39 pages

Related product manuals