Attack Detection And Protection Configuration Task List - HP 6600 Security Configuration Manual
Hide thumbs
Also See for 6600:
- Command reference manual (286 pages) ,
- Configuration manual (236 pages) ,
- Installation and getting started manual (103 pages)
Table of Contents
Advertisement
After receiving a SYN message from a client to a protected server, the TCP proxy sends back a
SYN ACK message with the window size of 0 on behalf of the server. If the client is legitimate, the
TCP proxy receives an ACK message. Upon receiving an ACK message from the client, the TCP
proxy sets up a connection between itself and the server through a three-way handshake on behalf
of the client. Thus, two TCP connections are established, and the two connections use different
sequence numbers.
In bidirectional proxy mode, the TCP proxy plays two roles: a virtual server that communicates with
clients and a virtual client that communicates with servers. To use this mode, you must deploy the
TCP proxy on the key path that passes through the ingress and egress of the protected servers, and
make sure all packets that the clients send to the server and all packets that the servers send to the
clients pass through the TCP proxy device.
Attack detection and protection configuration task
list
The attack detection and protection configuration tasks include three categories:
Configuring attack protection functions for an interface. To do so, you need to create an attack
•
protection policy, configure the required attack protection functions (such as Smurf attack protection,
scanning attack protection, and flood attack protection) in the policy, and then apply the policy to
the interface. There is no specific configuration order for the attack functions, and you can configure
them as needed.
•
Configuring a TCP proxy when the SYN flood attack protection policy specifies the processing
method for SYN flood attack packets as TCP proxy.
Configuring the blacklist function. This function can be used independently or used in conjunction
•
with the scanning attack protection function on an interface.
Enabling the traffic statistics function. This function can be used independently.
•
Complete the following tasks to configure attack detection and protection:
Task
Configuring attack
protection functions for
an interface
Configuring TCP proxy
Configuring the blacklist function
Enabling traffic statistics on an interface
Creating an attack protection policy
Configuring an attack protection
•
Configuring a single-packet attack protection policy
•
Configuring a scanning attack protection policy
•
Configuring a flood attack protection policy
Applying an attack protection policy to an interface
483
policy:
Remarks
Required.
Required.
Configure one or
more policies as
needed.
Required.
Optional.
Optional.
Optional.
Advertisement
Table of Contents
Troubleshooting
