Huawei S9700 Series Configuration Manual page 42

S9700 Core Routing Switch
Configuration Guide - SPU
These logs help you identify security risks, detect attempts to violate security policies, and determine
the type of a network attack. Real-time logs also reveal an intrusion while it is still underway.
Traffic Statistics and Monitoring
A firewall monitors data traffic and detects connection setup between internal and external
networks, generates statistics, and analyzes data. The firewall can analyze the logs by using
special software after events occur. The firewall also has analysis functions that enable it to
analyze data in real time.
By checking whether the number of TCP/UDP sessions initiated from external networks to the
internal network exceeds the threshold, the firewall determines whether to restrict new sessions
from external networks to the internal network, or to restrict new sessions from an IP address in the
internal network. If the firewall finds that the total number of sessions in the system exceeds the
threshold, it ages out existing sessions faster so that new sessions can still be set up. In this
way, a DoS attack is prevented from exhausting the system when it is heavily loaded.
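The following Python model is an added illustration of the threshold rule in this paragraph and of the Figure 2-1 scenario (TCP sessions from external networks to Web server 129.9.0.1 being refused once the threshold is reached, until the count drops below it again). It is not code from the Huawei guide or from the SPU; the thresholds, the timeouts, the 129.9.0.0/16 "internal" range and the five-tuple session keys are constructed assumptions for the example.

```python
"""Threshold-based session limiting with accelerated aging.

Added illustration of the SPU firewall behaviour described in the text:
count TCP/UDP sessions per direction, refuse new sessions once a threshold
is reached, and age sessions faster when the whole table is over its limit.
All thresholds, timeouts and the internal/external address split below are
constructed assumptions for this example, not Huawei defaults.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

# Constructed for the example: the figure's internal network holds the
# web server 129.9.0.1; anything outside this range counts as "external".
INTERNAL_NET = ip_network("129.9.0.0/16")

# Five-tuple key that identifies a session: (proto, src, dst, sport, dport).
FlowKey = Tuple[str, str, str, int, int]


@dataclass
class SessionTable:
    # Thresholds and timeouts are assumptions chosen for the example.
    inbound_per_dst: int = 3        # sessions external -> one internal host
    outbound_per_src: int = 3       # sessions one internal host -> external
    system_max: int = 8             # above this, aging is accelerated
    idle_timeout: float = 60.0      # normal aging time (seconds)
    fast_timeout: float = 5.0       # aging time while over system_max
    sessions: Dict[FlowKey, float] = field(default_factory=dict)  # key -> last seen

    @staticmethod
    def _is_internal(addr: str) -> bool:
        return ip_address(addr) in INTERNAL_NET

    def _inbound_count(self, dst: str) -> int:
        """Sessions initiated from external addresses to this internal host."""
        return sum(1 for (_, s, d, _, _) in self.sessions
                   if d == dst and not self._is_internal(s))

    def _outbound_count(self, src: str) -> int:
        """Sessions initiated by this internal host towards external hosts."""
        return sum(1 for (_, s, d, _, _) in self.sessions
                   if s == src and not self._is_internal(d))

    def age(self, now: float) -> int:
        """Drop idle sessions; use the short timeout when the table is too full."""
        over_limit = len(self.sessions) > self.system_max
        timeout = self.fast_timeout if over_limit else self.idle_timeout
        expired = [k for k, seen in self.sessions.items() if now - seen > timeout]
        for k in expired:
            del self.sessions[k]
        return len(expired)

    def admit(self, key: FlowKey, now: float) -> bool:
        """Decide whether the first packet of a session may create it."""
        self.age(now)
        if key in self.sessions:            # existing session: refresh only
            self.sessions[key] = now
            return True
        _, src, dst, _, _ = key
        if not self._is_internal(src) and self._is_internal(dst):
            if self._inbound_count(dst) >= self.inbound_per_dst:
                return False                # external -> internal limit reached
        elif self._is_internal(src) and not self._is_internal(dst):
            if self._outbound_count(src) >= self.outbound_per_src:
                return False                # per-internal-host limit reached
        self.sessions[key] = now
        return True


def figure_2_1_scenario() -> Tuple[List[bool], bool]:
    """Four external clients open TCP sessions to web server 129.9.0.1."""
    table = SessionTable()
    decisions = []
    for i in range(4):   # constructed client addresses 10.0.0.1 .. 10.0.0.4
        key = ("tcp", f"10.0.0.{i + 1}", "129.9.0.1", 40000 + i, 80)
        decisions.append(table.admit(key, now=float(i)))
    # After the earlier sessions have aged out, the refused client is admitted.
    late = table.admit(("tcp", "10.0.0.4", "129.9.0.1", 40003, 80), now=100.0)
    return decisions, late


def accelerated_aging_scenario() -> Tuple[int, int]:
    """Compare aging at t=10 s for a table over and under system_max."""
    dropped = []
    for count in (9, 5):   # 9 exceeds system_max (8); 5 does not
        table = SessionTable(inbound_per_dst=100)
        for i in range(count):
            table.admit(("udp", f"10.0.1.{i + 1}", "129.9.0.1", 50000 + i, 53), now=0.0)
        dropped.append(table.age(now=10.0))
    return dropped[0], dropped[1]


if __name__ == "__main__":
    print(figure_2_1_scenario())          # ([True, True, True, False], True)
    print(accelerated_aging_scenario())   # (9, 0)
```

The two scenarios show the two mechanisms separately: `figure_2_1_scenario` applies the per-destination inbound threshold, so the fourth client is refused until earlier sessions age out, while `accelerated_aging_scenario` shows that the same 10 seconds of idleness clears a table that is over `system_max` but leaves a smaller table untouched.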
Figure 2-1 shows an application of the firewall. The IP address-based statistics function is
enabled for the packets from external networks to the internal network. If the number of TCP
sessions initiated by external networks to Web server 129.9.0.1 exceeds the threshold, the
SPU forbids external networks to initiate new sessions until the number of sessions is smaller
than the threshold.
Figure 2-1 Limiting the number of sessions initiated by external server
[Figure: Ethernet; internal network; switch; TCP connection; Web server 129.9.0.1]
Attack Defense
With the attack defense feature, the SPU can detect and protect against various network attacks.
Network attacks are classified into three types: DoS attacks, scanning and snooping attacks, and
malformed packet attacks.
- DoS attack
A denial of service (DoS) attack floods a system with a large number of data packets. This
prevents the system from receiving requests from authorized users or suspends the host.
DoS attacks include the SYN Flood attack and the Fraggle attack. DoS attacks differ from
other attacks in that DoS attackers do not look for a way into a network but prevent
authorized users from accessing resources or routers.
- Scanning and snooping attack
Issue 01 (2012-03-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 Firewall Configuration
31