Configuring Tcp Attack Prevention; Overview; Configuring Naptha Attack Prevention - HPE FlexNetwork 10500 Series Security Configuration Manual

Configuring TCP attack prevention

Overview

TCP attack prevention can detect and prevent attacks that exploit the TCP connection establishment
process.

Configuring Naptha attack prevention

Naptha is a DDoS attack that targets operating systems. It exploits the resources consuming
vulnerability in TCP/IP stack and network application process. The attacker establishes a large
number of TCP connections in a short period of time and leaves them in certain states without
requesting any data. These TCP connections starve the victim of system resources, resulting in a
system breakdown.
After you enable Naptha attack prevention, the device periodically checks the number of TCP
connections in each state (CLOSING, ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, and
LAST_ACK). If the number of TCP connections in a state exceeds the limit, the device will accelerate
the aging of the TCP connections in that state to mitigate the Naptha attack.
To configure Naptha attack prevention:
Step
1. Enter system view.
2. Enable Naptha attack
prevention.
3. (Optional.) Set the maximum
number of TCP connections
in a state.
4. (Optional.) Set the interval
for checking the number of
TCP connections in each
state.
Command
system-view
tcp anti-naptha enable
tcp state { closing | established
| fin-wait-1 | fin-wait-2 |
last-ack } connection-limit
number
tcp check-state interval interval
496
Remarks
N/A
By default, Naptha attack
prevention is disabled.
By default, the maximum number
of TCP connections in each state
(CLOSING, ESTABLISHED,
FIN_WAIT_1, FIN_WAIT_2, and
LAST_ACK) is 50.
To disable the device from
accelerating the aging of the TCP
connections in a state, set the
value to 0.
By default, the interval for
checking the number of TCP
connections in each state is 30
seconds.