Enabling Protection Against Naptha Attacks; Displaying and Maintaining TCP Attack Protection - HP 5120 SI Series Security Configuration Manual

NOTE:
With the SYN Cookie feature enabled, only the maximum segment size (MSS) is negotiated during TCP
connection establishment; the window scale factor and timestamp options are not.

Enabling protection against Naptha attacks

Naptha attacks are similar to SYN Flood attacks. A SYN Flood attack uses only the SYN_RECEIVED state,
whereas a Naptha attack can use any of six TCP connection states (CLOSING, ESTABLISHED, FIN_WAIT_1,
FIN_WAIT_2, LAST_ACK, and SYN_RECEIVED).
Naptha attackers control a huge number of hosts that establish TCP connections with the server, hold
these connections in the same state (any of the six), and request no data, so as to exhaust the memory
resources of the server. As a result, the server cannot process normal services.
Protection against Naptha attacks mitigates such attacks by accelerating the aging of TCP connections
in a state. After the feature is enabled, the device (serving as a TCP server) periodically checks the
number of TCP connections in each state. If the number of TCP connections in a state exceeds the
configured maximum, the device considers that a Naptha attack is occurring and accelerates the aging
of TCP connections in that state. The device stops accelerating the aging once the number of TCP
connections in the state drops below 80% of the maximum number (at least 1).
Follow these steps to enable protection against Naptha attacks:

To do: Enter system view
Use the command: system-view

To do: Enable protection against Naptha attacks
Use the command: tcp anti-naptha enable
Remarks: Required. Disabled by default.

To do: Configure the maximum number of TCP connections in a state
Use the command: tcp state { closing | established | fin-wait-1 | fin-wait-2 | last-ack | syn-received } connection-number number
Remarks: Optional. 5 by default. If the maximum number of TCP connections in a state is 0, the aging of TCP connections in this state is not accelerated.

To do: Configure the TCP state check interval
Use the command: tcp timer check-state timer-value
Remarks: Optional. 30 seconds by default.

Displaying and maintaining TCP attack protection

To do: Display the current TCP connection state
Use the command: display tcp status [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view
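The check-and-stop logic described above, as an added simulation that is not HP's code and not part of the manual: each call to check() plays one run of the periodic state check (the tcp timer check-state interval), starts accelerated aging when a state's count exceeds its configured maximum (the tcp state ... connection-number value, default 5), and stops it only once the count falls below 80% of that maximum (floored at 1), which is why counts of 5 and 4 keep the acceleration running in the constructed sample below even though they would not have triggered it. The class and function names, and the sample counts, are my own assumptions.

```python
# Added example (not HP's code): simulation of the per-state TCP connection
# check the manual describes, including the 80% stop threshold.
from dataclasses import dataclass, field
from typing import Dict, List

# The six connection states the feature monitors (keywords of the
# 'tcp state' command in the manual).
NAPTHA_STATES = ("closing", "established", "fin-wait-1",
                 "fin-wait-2", "last-ack", "syn-received")

DEFAULT_MAX_CONNECTIONS = 5   # 'tcp state ... connection-number' default
DEFAULT_CHECK_INTERVAL = 30   # 'tcp timer check-state' default, in seconds


def should_stop(count: int, max_connections: int) -> bool:
    """Accelerated aging stops once the count is below 80% of the maximum,
    with the threshold floored at 1. Integer arithmetic keeps the comparison
    exact: count < 0.8 * max  <=>  100 * count < 80 * max."""
    return 100 * count < max(100, 80 * max_connections)


@dataclass
class NapthaGuard:
    """Tracks, per state, whether the device is currently accelerating aging."""
    max_connections: Dict[str, int] = field(
        default_factory=lambda: {s: DEFAULT_MAX_CONNECTIONS for s in NAPTHA_STATES})
    check_interval: int = DEFAULT_CHECK_INTERVAL
    accelerating: Dict[str, bool] = field(
        default_factory=lambda: {s: False for s in NAPTHA_STATES})

    def configure(self, state: str, number: int) -> None:
        """Mirror of 'tcp state <state> connection-number <number>'.
        A value of 0 disables accelerated aging for that state."""
        if state not in NAPTHA_STATES:
            raise ValueError(f"unknown TCP state keyword: {state}")
        if number < 0:
            raise ValueError("connection-number must not be negative")
        self.max_connections[state] = number

    def check(self, counts: Dict[str, int]) -> Dict[str, bool]:
        """One run of the periodic state check. 'counts' maps each state to the
        number of TCP connections currently in it; missing states count as 0.
        Returns the per-state accelerated-aging flags after this check."""
        for state in NAPTHA_STATES:
            limit = self.max_connections[state]
            count = counts.get(state, 0)
            if limit == 0:
                self.accelerating[state] = False  # feature off for this state
            elif not self.accelerating[state] and count > limit:
                self.accelerating[state] = True   # attack suspected: speed up aging
            elif self.accelerating[state] and should_stop(count, limit):
                self.accelerating[state] = False  # below 80%: back to normal aging
        return dict(self.accelerating)


def simulate(guard: NapthaGuard, state: str, samples: List[int]) -> List[bool]:
    """Feed a series of per-interval counts for one state and return, for
    each check, whether aging was being accelerated afterwards."""
    return [guard.check({state: n})[state] for n in samples]


if __name__ == "__main__":
    # Constructed sample: SYN_RECEIVED counts observed at successive checks.
    guard = NapthaGuard()
    samples = [3, 6, 5, 4, 3]
    for t, (n, fast) in enumerate(zip(samples, simulate(guard, "syn-received", samples))):
        print(f"t={t * guard.check_interval:>3}s syn-received={n} accelerated-aging={fast}")
```

Running the block prints five lines; acceleration switches on at the second check (6 > 5) and stays on through counts of 5 and 4, switching off only at the final count of 3, which is below 80% of 5.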
