R0106-HP MSR Router Series Security Configuration Guide(V7)

Enabling non-aggregated log output for single-packet attack events
Aggregated log output aggregates all logs generated in a period and sends one log. The logs with the
same attributes for the following items can be aggregated:
• Interface where the attack is detected.
• Attack type.
• Attack defense action.
• Source and destination IP addresses.
• VPN instance.
HP recommends that you disable non-aggregated log output, because a large number of logs
consumes the display resources of the console.
To enable non-aggregated log output for single-packet attack events:
Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enable non-aggregated log output for single-packet attack events. | attack-defense signature log non-aggregate | By default, the system outputs aggregated logs for single-packet attack events.
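
The aggregation rule described in this section, written out as an added Python example for a log collector that receives non-aggregated events (this is not HP's code or the device's log format). The record field names, the sample events, and the 60-second period are assumptions; the guide does not state the device's aggregation period.

```python
from collections import OrderedDict

# Attributes that must all match for events to be merged, per the list above
# (source and destination IP are one list item but two fields).
KEY_FIELDS = ("interface", "attack_type", "action", "src_ip", "dst_ip", "vpn_instance")

def aggregate(events, period=60):
    """Merge events that share KEY_FIELDS within the same period into one record.

    events: iterable of dicts with a numeric "ts" (seconds) plus KEY_FIELDS.
    period: assumed window length in seconds (not taken from the guide).
    """
    buckets = OrderedDict()
    for ev in sorted(events, key=lambda e: e["ts"]):
        window = int(ev["ts"] // period)
        key = (window,) + tuple(ev.get(f) for f in KEY_FIELDS)
        rec = buckets.get(key)
        if rec is None:
            rec = {f: ev.get(f) for f in KEY_FIELDS}
            rec.update(first_ts=ev["ts"], last_ts=ev["ts"], count=0)
            buckets[key] = rec
        rec["last_ts"] = ev["ts"]
        rec["count"] += 1
    return list(buckets.values())

def _event(ts, **overrides):
    """Build one constructed sample event; every value here is illustrative."""
    base = {"ts": ts, "interface": "GE1/0/1", "attack_type": "large-icmp",
            "action": "drop", "src_ip": "198.51.100.7", "dst_ip": "192.0.2.10",
            "vpn_instance": None}
    base.update(overrides)
    return base

# Constructed input: seven single-packet attack events.
SAMPLE_EVENTS = [
    _event(1), _event(5), _event(59),   # identical attributes, same period
    _event(61),                         # identical attributes, next period
    _event(10, src_ip="198.51.100.8"),  # different source address
    _event(20, vpn_instance="vpn-a"),   # different VPN instance
    _event(30, action="logging"),       # different defense action
]

if __name__ == "__main__":
    for rec in aggregate(SAMPLE_EVENTS):
        print(rec["count"], rec["src_ip"], rec["action"], rec["vpn_instance"],
              rec["first_ts"], rec["last_ts"])
```
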
Configuring TCP client verification
Configure TCP client verification on the interface that connects to the external network. The TCP client
verification protects internal TCP servers against TCP flood attacks, including the following flood attacks:
• SYN.
• SYN-ACK.
• RST.
• FIN.
• ACK.
IP addresses protected by TCP client verification can be manually added or automatically learned:
• You can manually add protected IP addresses. The device performs client verification when it
  receives the first SYN packet destined for a protected IP address.
• The TCP client verification can automatically add victims' IP addresses to the protected IP list when
  collaborating with flood attack detection. Make sure client-verify is specified as the flood attack
  prevention action. For more information, see "Configuring a flood attack defense policy."
If a TCP client is verified legitimate, the device adds the client's IP address to the trusted IP list. The device
directly forwards TCP packets from trusted IP addresses.
To configure TCP client verification:
Step | Command | Remarks
1. Enter system view. | system-view | N/A