3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8108fl Redundant Switch Fabric Module

141

142

143

144

145

146

147

148

149

150

150 CHAPTER 10: ATTACK PREVENTION AND PACKET STATISTICS

By default, the WinNuke attack prevention function is disabled.

Enabling/Disabling the

Fraggle Attack

Prevention Function

Perform the following configuration in system view.

By default, the Fraggle attack prevention function is disabled.

Enabling/Disabling Frag

Flood Attack Prevention

Perform the following configuration in system view.

By default, Frag Flood attack prevention is not enabled.

If a fragment packet attack is targeted at the firewall itself, the firewall gives an

alarm but discards no packet; otherwise, the firewall gives an alarm and discards

the packets.

Enabling/Disabling the

SYN Flood Attack

Prevention Function

The SYN Flood attack prevention function can be configured to the specific

security zone or the specific IP address. Only when the SYN Flood attack

prevention function is enabled and the inbound IP statistics function of the

protected zone (or the zone to which the protected IP belongs) is enabled can the

SYN Flood attack prevention function be enabled.

Enabling/disabling the SYN flood attack prevention function

Perform the following configuration in system view.

By default, the SYN Flood attack prevention function is disabled.

Configuring the specified SYN Flood attack prevention function

Perform the following configuration in system view.

Tabl e 156 Enable/disable the Fraggle attack prevention function

Operation Command

Enable the Fraggle attack prevention function firewall defend fraggle

Disable the Fraggle attack prevention function undo firewall defend fraggle

Tabl e 157 Enable/disable Frag flood attack prevention

Operation Command

Enable Frag Flood attack prevention

firewall defend frag-flood [

max-identical-rate max-identical-rate ] [

max-total-rate max-total-rate ]

Disable Frag Flood attack prevention undo firewall defend frag-flood

Tabl e 158 Enable/disable the SYN Flood attack prevention function

Operation Command

Enable the SYN Flood attack prevention

function

firewall defend syn-flood enable

Disable the SYN Flood attack prevention

function

undo firewall defend syn-flood enable