CÔNG TY TNHH CÔNG NGHỆ VIỆT THÁI DƯƠNG
Logo CNTTShop.vn

NTT03, Line 1, Thống Nhất Complex, Thanh Xuân, Hà Nội.
Danh mục sản phẩm

Attack Detection Function Configuration

Table 17-1 The configuration list of the attack detection function

Configuration Task

Configure the detection function software attack

Configure intercepting the packet with too small IP length

Configure intercepting the unreasonable fragment packets

Configure intercepting the Land attack packet

Configure intercepting the Fraggle attack packet

Configure intercepting the ICMP flood attack packet

Configure intercepting the TCP SYN flood attack packet

Configure intercepting the address and port scanning attack packet

 

Configure the software attack detection log recording

Configure the hardware attack detection function

Configure intercepting the ICMP fragment packet of the IPv4&6 protocol

Configure the attack threshold of the super-large ICMP v4 packet 512 bytes

Configure the attack threshold of the super-large ICMP v6 packet 512 bytes

Configure intercepting the IPv4 ping-of- death packet attack

Configure intercepting the IPv4 packet of the smurf attack

Configure intercepting the packet with the same source and destination MAC

Configure intercepting the packet with the same source and destination IP

Configure intercepting the TCP packet with the same source and destination port

Configure intercepting the UDP packet with the same source and destination port

Configure intercepting the IPv4&6 packet with the TCP control field (flags) and seq serial number as 0

Configure the attack of the IPv4&6 packet with the incomplete TCP protocol header smaller than 20 bytes

Configure intercepting the IPv4&6 attack with TCP FIN, URG, and PSH as 1, but sequence as 0

Configure intercepting the IPv4&6 packet with TCP SYN and FIN flags set at the same time

note


  • The software attack detection function is valid only for the packet to the local device; the hardware attack detection function is valid for all the packets received by the switching port.
  • The software attack detection supports the statistics and log recording for the dropped packers; the hardware attack detection is realized by the switching chip and does not support the statistics and log recording for the dropped packets.