Disabling Log Aggregation For Single-Packet Attack Events; Configuring Tcp Fragment Attack Prevention; Configuring Tcp Client Verification - HP MSR Series Configuration Manual

Disabling log aggregation for single-packet attack events

Log aggregation aggregates all logs generated in a period and sends one log. The logs with the
same attributes for the following items can be aggregated:
•
Interface where the attack is detected.
•
Attack type.
•
Attack defense action.
•
Source and destination IP addresses.
•
VPN instance to which the victim IP address belongs.
Hewlett Packard Enterprise recommends that you not disable log aggregation. A large number of
logs will consume the display resources of the console.
To disable log aggregation for single-packet attack events:
Step
1. Enter system view.
2. Disable log aggregation for
single-packet attack
events.

Configuring TCP fragment attack prevention

The TCP fragment attack prevention feature detects the length and fragment offset of received TCP
fragments and drops attack TCP fragments.
TCP fragment attack prevention takes precedence over single-packet attack prevention. When both
are used, incoming TCP packets are processed first by TCP fragment attack prevention and then by
the single-packet attack defense policy.
To configure TCP fragment attack prevention:
Step
1. Enter system view.
2. Enable TCP fragment attack
prevention.

Configuring TCP client verification

Configure TCP client verification on the interface that connects to the external network. TCP client
verification protects internal TCP servers against TCP flood attacks, including the following flood
attacks:
•
SYN.
•
SYN-ACK.
•
RST.
•
FIN.
•
ACK.
Command
system-view
attack-defense signature log
non-aggregate
Command
system-view
attack-defense tcp fragment
enable
498
Remarks
N/A
By default, log aggregation is
enabled for single-packet attack
events.
Remarks
N/A
By default, TCP fragment attack
prevention is enabled.
TCP fragment attack prevention is
typically used alone.