Configuring Attack Detection And Prevention; Overview; Command And Hardware Compatibility; Attacks That The Device Can Prevent - HP MSR Series Configuration Manual

Configuring attack detection and
prevention

Overview

Attack detection and prevention enables a device to detect attacks by inspecting arriving packets,
and to take prevention actions to protect a private network. Prevention actions include logging,
packet dropping, blacklisting, and client verification.

Command and hardware compatibility

Commands and descriptions for centralized devices apply to the following routers:
•
MSR1002-4/1003-8S.
•
MSR2003.
•
MSR2004-24/2004-48.
•
MSR3012/3024/3044/3064.
•
MSR954(JH296A/JH297A/JH299A)
Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers.

Attacks that the device can prevent

The device can detect and prevent single-packet attacks, scanning attacks, and flood attacks.

Single-packet attacks

Single-packet attacks are also known as malformed packet attacks. An attacker typically launches
single-packet attacks by using the following methods:
•
An attacker sends defective packets to a device, which causes the device to malfunction or
crash.
•
An attacker sends normal packets to a device, which interrupts connections or probes network
topologies.
•
An attacker sends a large number of forged packets to a target device, which consumes
network bandwidth and causes denial of service (DoS).
Table 13 lists the single-packet attack types that the device can detect and prevent.
Table 13 Types of single-packet attacks
Single-packet attack
ICMP redirect
ICMP destination unreachable
Description
An attacker sends ICMP redirect messages to modify the victim's routing
table. The victim cannot forward packets correctly.
An attacker sends ICMP destination unreachable messages to cut off the
connections between the victim and its destinations.
481