< Home

Discarding IP Packets with Identical Source and Destination IP Addresses

Context

In specific scenarios, IP packets with identical source and destination IP addresses may be valid. For example, a network administrator may construct these packets for internal tests. By default, the device forwards such packets.

If you detect an abnormal volume of these packets and suspect a LAND attack may occur, configure this function to discard the suspect packets.

Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this function.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ip anti-attack source-ip equals destination-ip drop

    The device is configured to discard the IP packets with identical source and destination IP addresses.

    By default, the device forwards the IP packets with identical source and destination IP addresses.

Parent Topic: Configuring IPSG
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic