< Home

Configuring Defense Against Malformed Packet Attacks

Context

Malformed packet attacks include flood attacks without IP payloads, attacks from IGMP null payload packets, LAND attacks, Smurf attacks, and attacks from packets with invalid TCP flag bits. A malformed packet attack occurs when malformed IP packets are sent to a target system, causing the system to work abnormally or break down. In addition, the attacker may send a large number of invalid packets to occupy network bandwidth.

To prevent the system from breaking down and to ensure non-stop network services, enable defense against malformed packet attacks on the device. After detecting malformed packets, the device discards them.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run anti-attack abnormal enable

    Defense against malformed packet attacks is enabled.

    By default, defense against malformed packet attacks is enabled.

    You can also run the anti-attack enable command in the system view to enable attack defense against all attack packets including malformed packets.

Verifying the Configuration

  • Run the display anti-attack statistics abnormal command to check statistics on defense against malformed packet attacks on the device.

Parent Topic: Attack Defense Configuration
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >