Enabling Defense Against Malformed Packet Attacks

With defense against malformed packet attacks, the router checks the validity of received packets and filters out illegal packets, thus defending the CPU against attacks of IP packets with null load, null IGMP packets, LAND attack packets, Smurf attack packets, and packets with invalid TCP flag bits.

Procedure

Run system-view
The system view is displayed.
Run cpu-defend policy policy-number
The attack defense policy view is displayed.
Perform either of the following operations as required:
- Run the abnormal-packet-defend enable command to enable defense against IPv4 malformed packet attacks.
- Run the ipv6-abnormal-packet-defend enable command to enable defense against IPv6 malformed packet attacks.
Defense against IPv4 malformed packet attacks can defend against attacks of various malformed packets, including IP packets with null load, null IGMP packets, LAND attack packets, Smurf attack packets, and packets with invalid TCP flag bits.

Defense against IPv6 malformed packet attacks can defend against attacks of various malformed packets, including LAND attack packets, and packets with invalid TCP flag bits.
Run commit
The configuration is committed.