14 Configuration of Attack Defense and
Application Layer Association
About This Chapter
Attack defense and application layer association can prevent the attack of packets to the CPU,
which ensures that the device runs normally when it is attacked.
14.1 Overview to Attack Defense and Application Layer Association
Attacks on TCP/IP networks increase steadily. Attacks to network devices may cause the
network to be disabled or unavailable.
14.2 Configuring Abnormal Packet Attack Defense
Malformed packet attacks are classified into flood attacks without IP payload, IGMP null packet
attacks, LAND attacks, Smurf attacks, and TCP flag-bit invalid attacks.
14.3 Configuring Fragmented Packet Attack Defense
Fragmented packet attacks can be classified into attacks of a huge number of fragments, Tear
Drop, syndrop, nesta, fawx, bonk, NewTear, Bonk, Rose, huge-offset, Ping of death, Jolt, and
duplicated fragmentation.
14.4 Configuring Flood Attack Defense
Flood attacks include SYN flood attacks, UDP flood attacks, and ICMP flood attacks.
14.5 Configuring Application Layer Association
Application layer association controls forwarding and discarding of protocol packets by enabling
or disabling application layer protocols. In this manner, application layer association can defense
attacks.
14.6 Maintenance Attack Defense and Application Layer Association
This section describes how to clear statistics about attack defense.
14.7 Configuration Example
This section provides an example for improving network security through attack defense.
Familiarize yourself with the configuration procedures against the networking diagram. Each
configuration example consists of the networking requirements, configuration precautions,
configuration roadmap, configuration procedures, and configuration files.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security
14 Configuration of Attack Defense and Application Layer
Association
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
280
To Next Page
Loading...
Need help?
General
