TCP/IP Attack Defense

With TCP/IP attack defense, TCP/IP-based malformed packets and typical attack packets are discarded or filtered out, thereby ensuring device security.

Prerequisites

  • The device needs to be configured to discard malformed packets such as IP null payload packets.

  • The rate of delivering SYN packets and packet fragments to the CPU/protocol stack needs to be limited according to the processing capability of the device.

  • The device needs to be configured to discard any User Datagram Protocol (UDP) packet whose port number is 7, 13, or 19.

Implementation

The device defends itself against TCP/IP-based malformed packets and typical attack packets primarily through the TCP/IP attack defense module.

Through ACLs, the device identifies malformed packets and attack packets, and then either discards them or restricts their bandwidth through committed access rate (CAR).

Attack methods change constantly, and therefore the ACLs used to match attack packets must be updated in a timely fashion. The high flexibility and scalability of TCP/IP attack defense meet this demand.

Application Scope

TCP/IP attack defense provides protection against the following types of packets:
  • Malformed packets:

    • The robustness of the protocol stack ensures that the following malformed packets are identified and discarded: IP null payload packets, IGMP null payload packets, LAND attack packets, and Smurf attack packets (ICMP echo requests whose destination addresses are subnet broadcast addresses).

    • Smurf attack packets and TCP/IP packets with invalid flag bits are discarded directly by the forwarding engine.

  • Packet fragments: The rate of sending packet fragments to the protocol stack is controlled through the CAR.

  • TCP SYN packets: The rate of sending TCP SYN packets to the protocol stack is controlled through the CAR of the forwarding engine.

  • UDP flood packets: They are discarded directly by the forwarding engine.

Processing Procedure

When packet filtering is enabled, TCP/IP attack defense is implemented through a combination of the ACL and CARs.

  • For malformed packets and UDP flood packets that match the ACL, the device discards the matching packets.

  • For TCP SYN packets that match the ACL, the device limits the rate of these packets through a CAR.
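As an added illustration, not Huawei's code or configuration, the following Python model shows the ACL-plus-CAR processing described here and under Application Scope: ACL-style rules identify the malformed packets and UDP flood packets the page lists and discard them, while a token-bucket CAR limits the rate at which TCP SYN packets and packet fragments reach the protocol stack. The local subnet, the CAR rates and the set of invalid TCP flag combinations are assumptions.

```python
import ipaddress
from dataclasses import dataclass
@dataclass
class Pkt:                       # constructed model of the header fields the checks read
    src: str
    dst: str
    proto: str                   # "ip", "igmp", "icmp", "udp" or "tcp"
    payload_len: int = 1
    dport: int = 0
    icmp_type: int = -1          # 8 = ICMP echo request
    tcp_flags: frozenset = frozenset()
    fragment: bool = False

class Car:
    """Token bucket standing in for a CAR: rate in packets/s, burst in packets."""
    def __init__(self, rate, burst):
        self.rate, self.burst, self.tokens, self.last = rate, burst, burst, 0.0
    def permit(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")   # assumed directly connected subnet
BAD_UDP_PORTS = {7, 13, 19}                         # echo, daytime, chargen
INVALID_TCP_FLAGS = [{"SYN", "FIN"}, {"SYN", "RST"}, set()]   # assumed invalid combinations
RULES = [  # ACL-style (match name, predicate) pairs for the packet types the page lists
    ("null-payload", lambda p: p.proto in ("ip", "igmp") and p.payload_len == 0),
    ("land", lambda p: p.proto == "tcp" and p.src == p.dst),
    ("smurf", lambda p: p.proto == "icmp" and p.icmp_type == 8
              and ipaddress.ip_address(p.dst) == LOCAL_NET.broadcast_address),
    ("invalid-tcp-flags", lambda p: p.proto == "tcp" and set(p.tcp_flags) in INVALID_TCP_FLAGS),
    ("udp-flood-port", lambda p: p.proto == "udp" and p.dport in BAD_UDP_PORTS),
]
def malformed(p):
    """Return the name of the first ACL rule the packet matches, else None."""
    return next((name for name, hit in RULES if hit(p)), None)
def classify(p, now, syn_car, frag_car):
    """Discard ACL matches; pass SYNs and fragments to the CPU through a CAR."""
    reason = malformed(p)
    if reason:
        return "discard:" + reason
    if p.fragment:
        return "permit" if frag_car.permit(now) else "car-drop:fragment"
    if p.proto == "tcp" and set(p.tcp_flags) == {"SYN"}:
        return "permit" if syn_car.permit(now) else "car-drop:syn"
    return "permit"
```

The CAR here is deterministic: `now` is passed in as a timestamp, so a burst of SYNs at the same instant is permitted only up to the bucket size and the bucket refills at the configured rate.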

Copyright © Huawei Technologies Co., Ltd.