10-Security Configuration Guide
Configuring TCP attack prevention
Overview
TCP attack prevention can detect and prevent attacks that exploit the TCP connection establishment process.
Configuring Naptha attack prevention
Naptha is a DDoS attack that targets operating systems. It exploits resource consumption weaknesses in the TCP/IP stack and in network application processes. The attacker establishes a large number of TCP connections in a short period of time and leaves them in certain states without requesting any data. These TCP connections starve the victim of system resources, resulting in a system breakdown.
After you enable Naptha attack prevention, the device periodically checks the number of TCP connections in each state (CLOSING, ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, and LAST_ACK). If the number of TCP connections in a state exceeds the limit, the device will accelerate the aging of the TCP connections in that state to mitigate the Naptha attack.
To configure Naptha attack prevention:
Step | Command | Remarks
---|---|---
1. Enter system view. | system-view | N/A
2. Enable Naptha attack prevention. | tcp anti-naptha enable | By default, Naptha attack prevention is disabled.
3. (Optional.) Set the maximum number of TCP connections in a state. | tcp state { closing \| established \| fin-wait-1 \| fin-wait-2 \| last-ack } connection-limit number | By default, the maximum number of TCP connections in each state (CLOSING, ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, and LAST_ACK) is 50. To disable the device from accelerating the aging of the TCP connections in a state, set the value to 0.
4. (Optional.) Set the interval for checking the number of TCP connections in each state. | tcp check-state interval interval | By default, the interval for checking the number of TCP connections in each state is 30 seconds.
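As an added example (not part of this guide or the device's own code), the same per-state check the device runs, counting TCP connections in each monitored state and flagging states above a limit, applied on a host to `ss -tan`-style output so an operator can see when a Naptha-style condition would trip the default limit of 50. The sample output below is constructed, and the `ss` state names (`ESTAB`, `FIN-WAIT-1`, ...) are an assumption about the tool's format.

```python
from collections import Counter

# Monitored states and defaults are taken from this guide (limit 50 per state, check every 30 s).
MONITORED_STATES = ("CLOSING", "ESTABLISHED", "FIN_WAIT_1", "FIN_WAIT_2", "LAST_ACK")
DEFAULT_LIMIT = 50
# Assumption: `ss` abbreviates ESTABLISHED; the other names differ only by '-' vs '_'.
SS_STATE_ALIASES = {"ESTAB": "ESTABLISHED"}

def parse_ss_states(ss_output):
    """Count connections per TCP state from `ss -tan`-style text (header line skipped)."""
    counts = Counter()
    for line in ss_output.strip().splitlines()[1:]:
        fields = line.split()
        if not fields:
            continue
        state = fields[0].upper().replace("-", "_")
        counts[SS_STATE_ALIASES.get(state, state)] += 1
    return counts

def states_over_limit(counts, limits=None):
    """Return {state: count} for monitored states whose count exceeds their limit.
    A limit of 0 turns the check off for that state, like `connection-limit 0`."""
    limits = limits or {}
    over = {}
    for state in MONITORED_STATES:
        limit = limits.get(state, DEFAULT_LIMIT)
        if limit > 0 and counts.get(state, 0) > limit:
            over[state] = counts[state]
    return over

def constructed_ss_output(n_fin_wait_1=60, n_estab=3, n_last_ack=2):
    """Constructed sample (not captured from a real host): many half-closed connections."""
    lines = ["State      Recv-Q Send-Q Local Address:Port   Peer Address:Port"]
    port = 40000
    for state, n in (("FIN-WAIT-1", n_fin_wait_1), ("ESTAB", n_estab), ("LAST-ACK", n_last_ack)):
        for _ in range(n):
            lines.append(f"{state:<10} 0      0      192.0.2.10:80        198.51.100.7:{port}")
            port += 1
    return "\n".join(lines)

if __name__ == "__main__":
    counts = parse_ss_states(constructed_ss_output())
    print(dict(counts))
    print("over limit:", states_over_limit(counts))  # {'FIN_WAIT_1': 60}
```

Run it against real `ss -tan` output every 30 seconds (the guide's default check interval) to compare a host's behaviour with what the device would flag.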