F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100
| Attack type | Description |
|---|---|
| DNS Flood | A DNS flood attack overwhelms the victim with an enormous number of DNS query requests in a short period. This prevents the victim from providing normal services. |
| Number of connections per source IP exceeds the threshold | When an internal user initiates a large number of connections to a host on the external network in a short period of time, system resources on the device are quickly exhausted. This makes the device unable to service other users. |
| Number of connections per dest IP exceeds the threshold | If an internal server receives large quantities of connection requests in a short period of time, the server is not able to process normal connection requests from other hosts. |
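
The two connection-threshold checks in the table above can be illustrated with a short added example. It is not HP code and does not claim to match how the device counts connections. It assumes new connections are counted per IP over a sliding time window; the function names and the sample addresses are constructed for illustration.

```python
from collections import defaultdict, deque

def find_threshold_violations(conns, window=1.0, src_limit=100, dst_limit=100):
    """Return (sources, destinations) whose new-connection count inside any
    `window`-second span exceeds the limit (assumed counting model).

    conns: iterable of (timestamp_seconds, src_ip, dst_ip), in any order.
    """
    per_src = defaultdict(deque)  # src_ip -> timestamps still inside the window
    per_dst = defaultdict(deque)  # dst_ip -> timestamps still inside the window
    bad_src, bad_dst = set(), set()

    def hit(table, key, ts, limit, flagged):
        q = table[key]
        q.append(ts)
        while q and ts - q[0] >= window:  # expire entries older than the window
            q.popleft()
        if len(q) > limit:                # strictly more than the threshold
            flagged.add(key)

    for ts, src, dst in sorted(conns):
        hit(per_src, src, ts, src_limit, bad_src)
        hit(per_dst, dst, ts, dst_limit, bad_dst)
    return bad_src, bad_dst

def sample_connections():
    """Constructed sample data using documentation address ranges."""
    conns = []
    # One internal host opening 30 connections to external hosts in 0.3 s
    for i in range(30):
        conns.append((10.0 + i * 0.01, "192.0.2.10", f"198.51.100.{i + 1}"))
    # Many external sources reaching one internal server: 40 in 0.4 s
    for i in range(40):
        conns.append((20.0 + i * 0.01, f"203.0.113.{i + 1}", "192.0.2.80"))
    # Normal client: 5 connections spread over 50 s
    for i in range(5):
        conns.append((i * 10.0, "192.0.2.20", "198.51.100.200"))
    return conns

if __name__ == "__main__":
    src, dst = find_threshold_violations(sample_connections(),
                                         src_limit=20, dst_limit=20)
    print("sources over threshold:", sorted(src))
    print("destinations over threshold:", sorted(dst))
```

A per-source limit flags only the single busy internal host, while the per-destination limit is what catches the server that receives connections from many different sources.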

Configuring the attack detection and protection at the CLI

Attack detection and protection configuration task list

The attack detection and protection configuration tasks fall into the following categories:
• Configuring attack protection functions for a security zone. To do so, you need to create an attack
protection policy, configure the required attack protection functions (such as Smurf attack protection,
scanning attack protection, and flood attack protection) in the policy, and then apply the policy to
the security zone. There is no specific configuration order for the attack functions, and you can
configure them as needed.
• Configuring a TCP proxy when the SYN flood attack protection policy specifies the processing
method for SYN flood attack packets as TCP proxy.
• Configuring the blacklist function. This function can be used independently or used in conjunction
with the scanning attack protection function on a security zone.
• Enabling the traffic statistics function. This function can be used independently.
Complete the following tasks to configure attack detection and protection:

| Task | Remarks |
|---|---|
| Configuring attack protection functions for a security zone: | |
| • Creating an attack protection policy | Required. |
| • Enabling attack protection logging | Optional. |
| • Configuring an attack protection policy: configuring a single-packet attack protection policy, configuring a scanning attack protection policy, configuring a flood attack protection policy | Required. Configure one or more policies as needed. |
| • Applying an attack protection policy to a security zone | Required. |
| Configuring TCP proxy | Optional. |
| Configuring the blacklist function | Optional. |
| Enabling traffic statistics for a security zone | Optional. |