3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
By default, the ping of death prevention function is disabled.
Enabling/Disabling the Teardrop Attack Prevention Function
Perform the following configuration in system view.
By default, the Teardrop attack prevention function is disabled.
Enabling/Disabling the TCP Flag Validity Detection Function
Perform the following configuration in system view.
By default, the TCP flag validity detection function is disabled.
Enabling/Disabling the IP Fragment Packet Detection Function
Perform the following configuration in system view.
By default, the IP fragment packet detection function is disabled.
Setting the Warning Level in Monitoring the Number and Rate of Connections
The firewall can monitor the number and rate of connections by using its statistics
function. When the number and rate of connections exceed the set limit, the
firewall issues a warning. There are two warning levels. At the warning level, when
the number and rate of connections exceed the upper threshold value, only
warning information is output. At the drop level, when the number and rate of
connections exceed the upper threshold value, the warning information is output
and the subsequent packets are dropped. When the number and rate of
connections decrease to the lower threshold value, packets are no longer
dropped.
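The upper and lower thresholds described above behave as a hysteresis band, which the following Python model replays over a constructed series of connection counts. It is an added illustration, not code from the 3Com guide or the firewall module: it tracks a single counter, and the threshold values, the sample series, the names `ConnectionMonitor` and `replay`, and the choice to warn once per crossing are assumptions.

```python
from dataclasses import dataclass


@dataclass
class ConnectionMonitor:
    """Model of the warning/drop levels (illustrative, not device code)."""
    upper: int              # upper threshold (constructed value)
    lower: int              # lower threshold (constructed value)
    level: str = "warning"  # "warning" or "drop", as in the guide
    over: bool = False      # True from exceeding upper until reaching lower

    def observe(self, connections):
        """Return (warn, drop) for one sample of the connection count."""
        warn = False
        if not self.over and connections > self.upper:
            # Upper threshold exceeded: warning information is output.
            # Assumption: one warning per crossing, not one per sample.
            self.over = True
            warn = True
        elif self.over and connections <= self.lower:
            # Count has decreased to the lower threshold: stop dropping.
            self.over = False
        # Packets are dropped only at the "drop" level while over the limit.
        return warn, self.over and self.level == "drop"


def replay(samples, upper, lower, level):
    """Feed a series of connection counts through a fresh monitor."""
    monitor = ConnectionMonitor(upper, lower, level)
    return [monitor.observe(s) for s in samples]


# Constructed sample series: rises past the upper threshold, then decays.
SAMPLES = [400, 900, 1100, 950, 700, 500, 450]

if __name__ == "__main__":
    for level in ("warning", "drop"):
        print(level)
        results = replay(SAMPLES, 1000, 500, level)
        for count, (warn, drop) in zip(SAMPLES, results):
            print(f"  {count:5d}  warn={warn!s:5}  drop={drop}")
```

At the drop level the samples 950 and 700 are still dropped even though they are below the upper threshold, because the count has not yet fallen to the lower threshold.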
Perform the following configuration in system view.
Table 173 Enable/disable the Teardrop attack prevention function
Operation                                            Command
Enable the Teardrop attack prevention function       firewall defend teardrop
Disable the Teardrop attack prevention function      undo firewall defend teardrop

Table 174 Enable/disable the TCP flag validity detection function
Operation                                            Command
Enable the TCP flag validity detection function      firewall defend tcp-flag
Disable the TCP flag validity detection function     undo firewall defend tcp-flag

Table 175 Enable/disable the IP fragment packet detection function
Operation                                            Command
Enable the IP fragment packet detection function     firewall defend ip-fragment
Disable the IP fragment packet detection function    undo firewall defend ip-fragment

Table 176 Set the warning level in monitoring the number and rate of connections
Operation                                            Command
Set the warning level to warning and drop            firewall statistic warning-level drop