HP VPN Firewall Appliances Attack Protection Configuration Guide

# Enable SYN flood attack protection.
[Firewall-attack-defense-policy-2] defense syn-flood enable
# Configure SYN flood attack protection for the internal server 10.1.1.2, and set the action threshold to 5000 and silence threshold to 1000.
[Firewall-attack-defense-policy-2] defense syn-flood ip 10.1.1.2 rate-threshold high 5000 low 1000
# Configure the policy to drop the subsequent packets after a SYN flood attack is detected.
[Firewall-attack-defense-policy-2] defense syn-flood action drop-packet
[Firewall-attack-defense-policy-2] quit
# Apply attack protection policy 2 to security zone DMZ.
[Firewall] zone name dmz id 3
[Firewall-zone-dmz] attack-defense apply policy 2
[Firewall-zone-dmz] quit
Verifying the configuration
Use the display attack-defense policy command to display the contents of attack protection policies 1
and 2.
If security zone Untrust receives Smurf attack packets, the device should output alarm logs. If security
zone Untrust receives scanning attack packets, the device should output alarm logs and add the IP
addresses of the attackers to the blacklist. If SYN flood attack packets are received by security zone DMZ,
the device should output alarm logs and drop the subsequent attack packets.
After a period of time, use the display attack-defense statistics zone command to display the attack
protection statistics of each security zone. If scanning attacks occur, you can use the display blacklist
command to see the blacklist entries added automatically by scanning attack protection.
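An offline check of the DMZ part of this configuration, added here as an example (it is not part of the HP guide): it reads a saved command transcript in the prompt format shown above and reports what would leave 10.1.1.2 without SYN flood dropping. The function names parse and audit are hypothetical, and the script inspects the typed commands, not output from the device.

```python
import re

# Commands from the steps above, with the wrapped threshold command joined.
TRANSCRIPT = """\
[Firewall-attack-defense-policy-2] defense syn-flood enable
[Firewall-attack-defense-policy-2] defense syn-flood ip 10.1.1.2 rate-threshold high 5000 low 1000
[Firewall-attack-defense-policy-2] defense syn-flood action drop-packet
[Firewall-attack-defense-policy-2] quit
[Firewall] zone name dmz id 3
[Firewall-zone-dmz] attack-defense apply policy 2
[Firewall-zone-dmz] quit
"""
LINE = re.compile(r"^[ \t]*\[([^\]]+)\][ \t]+(.+?)[ \t]*$", re.M)  # [view] command
POLICY_VIEW = re.compile(r"-attack-defense-policy-(\d+)$")
ZONE_VIEW = re.compile(r"-zone-(\S+)$")
THRESH = re.compile(r"^defense syn-flood ip (\S+) rate-threshold high (\d+) low (\d+)$")
APPLY = re.compile(r"^attack-defense apply policy (\d+)$")

def parse(transcript):
    """Build {policy id: settings} and {zone: policy id} from prompt view + command."""
    policies, zones = {}, {}
    for view, cmd in LINE.findall(transcript):  # lines without a prompt are skipped
        if pv := POLICY_VIEW.search(view):
            p = policies.setdefault(pv[1], {"enabled": False, "action": None, "hosts": {}})
            if cmd == "defense syn-flood enable":
                p["enabled"] = True
            elif cmd.startswith("defense syn-flood action "):
                p["action"] = cmd.split()[-1]
            elif t := THRESH.match(cmd):
                p["hosts"][t[1]] = (int(t[2]), int(t[3]))  # (action, silence)
        elif (zv := ZONE_VIEW.search(view)) and (a := APPLY.match(cmd)):
            zones[zv[1]] = a[1]
    return policies, zones

def audit(transcript, zone, server):
    """Return the gaps that leave `server` in `zone` without SYN flood dropping."""
    policies, zones = parse(transcript)
    p, issues = policies.get(zones.get(zone.lower())), []
    if p is None:
        return [f"zone {zone}: no configured attack protection policy applied"]
    if not p["enabled"]:
        issues.append("syn-flood protection not enabled")
    if p["action"] != "drop-packet":
        issues.append(f"action is {p['action']}, not drop-packet")
    if server not in p["hosts"]:
        issues.append(f"no thresholds for {server}")
    elif p["hosts"][server][1] > p["hosts"][server][0]:
        issues.append("silence threshold above action threshold")
    return issues
```

A threshold command that is still split across two lines, as it is when copied straight from the PDF, is reported as missing thresholds, so join wrapped commands before checking or pasting them.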
Blacklist configuration example
Network requirements
As shown in Figure 42, Host D is an attacker in the external network. Configure the firewall to filter
packets from Host D permanently. Host C is in the internal network. Configure the firewall to drop packets
from Host C for 50 minutes, so that Host C cannot access the external network during the specified
period of time.
Figure 42 Network diagram
Configuration procedure
# Specify IP addresses for interfaces and add them into security zones. (Details not shown.)