Local attack defense can protect the CPUs of devices against various attacks.
The development and wide application of the network pose higher requirements for the network and device security. On the network, there are a large number of packets to be sent to the CPU and malicious packets attempting to attack the CPU. If the CPU receives excessive packets, the CPU usage is high, lowering the performance and affecting normal services; if the CPU is congested with malicious packets, it becomes busy processing these attack packets. Consequently, other services are interrupted. In extreme cases, the system fails.
Owing to the inherent defects and flawed implementation of the TCP/IP protocol suite, attacks on the TCP/IP network are increasing, which greatly impacts the network.
When a large number of packets are sent to the CPU at the same time, the packet sending rate cannot be limited, and as a result, the CPU cannot process these packets by priority.
The router runs multiple application protocols, and all these application protocols, including those unnecessary, send packets to the CPU. Hackers can thus exploit such a security vulnerability to launch flooding attacks to exhaust CPU resources, preventing the process of normal services.
Interfaces on the router can be classified into management interfaces and non-management interfaces. Hackers can control the router through non-management interfaces or launch flooding attacks through management interfaces. All these put the router in danger.
Attack packets are of various types, and once being attacked, the router cannot trace the attack source.
A large number of packets are discarded but no alarm message is generated.
You can protect the CPU of the NetEngine 8000 F against attacks by configuring defense against TCP/IP attacks, CAR, application layer association, management plane protection, or attack source tracing.