Table of Contents
Advertisement
Step
1.
Enter system view.
2.
Apply an attack defense
policy to the device.
Disabling log aggregation for single-packet attack events
Log aggregation aggregates all logs generated for attacks targeted at the device during a period of
time and sends one log. The logs with the same attributes for the following items can be aggregated:
•
Attack type.
•
Attack defense action.
•
Source and destination IP addresses.
•
VPN instance to which the victim IP address belongs.
As a best practice, do not disable log aggregation. A large number of logs will consume the display
resources of the console.
To disable log aggregation for single-packet attack events:
Step
1.
Enter system view.
2.
Disable log aggregation for
single-packet attack
events.
Configuring TCP fragment attack prevention
The TCP fragment attack prevention feature detects the length and fragment offset of received TCP
fragments and drops attack TCP fragments.
TCP fragment attack prevention takes precedence over single-packet attack prevention. When both
are used, incoming TCP packets are processed first by TCP fragment attack prevention and then by
the single-packet attack defense policy.
To configure TCP fragment attack prevention:
Step
1.
Enter system view.
2.
Enable TCP fragment attack
prevention.
Enabling the login delay
The login delay feature delays the device from accepting a login request from a user after the user
fails a login attempt. This feature can slow down login dictionary attacks.
To enable the login delay:
Command
system-view
attack-defense local apply
policy policy-name
Command
system-view
attack-defense signature log
non-aggregate
Command
system-view
attack-defense tcp fragment
enable
463
Remarks
N/A
By default, no attack defense policy
is applied to the device.
Remarks
N/A
By default, log aggregation is
enabled for single-packet attack
events.
Remarks
N/A
By default, TCP fragment attack
prevention is enabled.
Advertisement
Table of Contents
Troubleshooting
