Configure attack defense on an AR router

Attack defense mainly protects the CPU against attack packets so that the server can keep running normally during an attack.
Attack defense configuration consists of the following parts: enabling attack defense; (optional) configuring flooding defense parameters, super-large ICMP packet defense parameters, and scan attack defense parameters; and checking the configuration result.
By default, no type of attack defense is enabled.
For details about how to configure attack defense on AR series routers using command lines and through the web NMS, see the URL: AR router configuration attack defense.

Other related questions:
How to configure ARP anti-attack on an AR router
On a network, common ARP attack methods include ARP flooding and ARP spoofing. To prevent the different types of harm caused by ARP attacks, several ARP security solutions are provided according to the attack type. Configuring ARP anti-flooding and anti-spoofing effectively reduces the maintenance cost of keeping the network running normally and network information secure, providing users with a more secure network environment and more stable network services. For details about the configuration procedure, see the URL: AR100&AR120&AR150&AR160&AR200&AR1200&AR1600&AR2200&AR3200&AR3600 V200R007 Product Documentation.

Attack defense concept and configuration method for the USG6000
1. Choose Policy > Security Protection > Attack Defense > Anti-DDoS.
2. Bind the interface connecting the NGFW to the Internet. You can use either of the following methods to bind the interface:
   - In Unbound Interfaces, double-click the interface to be bound. The interface is displayed in Bound Interfaces.
   - In Unbound Interfaces, select the interface to be bound and click it. The interface is displayed in Bound Interfaces.
3. (Optional) Configure the NGFW to interwork with the ATIC server.
   a. Choose Policy > Security Protection > Attack Defense > Anti-DDoS.
   b. Select the ATIC Interworking check box and enter the IP address of the ATIC server. After the NGFW is configured to interwork with the ATIC server, it can send traffic anomaly logs to the ATIC server.
4. On the DDoS page, click Set Learning Parameters to configure the threshold learning function.
5. Click OK. The threshold learning function takes effect. After this function takes effect, the learning status is displayed under Set Learning Parameters. You can view the threshold learning status.
6. On the DDoS page, select the attack type to be defended against and click Enable. The default threshold is used for defending against each type of attack.
7. Click Apply.
8. If threshold learning is not automatically applied, you must manually trigger the system to apply the learning result after threshold learning is complete, or set thresholds based on the learning results. Generally, a manually set threshold should be a little higher than the learned threshold.

Attack defense concept and configuration method for the USG2000&5000
Overview of attack defense

Common network attacks generally intrude into or overload web servers (hosts), steal sensitive server data, consume bandwidth resources, or interrupt the services that the servers provide to external users. Certain network attacks directly target network devices. Such attacks may cause anomalies in network services and have adverse impacts, or even interrupt the operation of these services. Network attacks fall into traffic attacks, scanning and sniffing attacks, malformed-packet attacks, and special-packet attacks. The details are as follows:

- Traffic attacks
  In a traffic attack, an attacker sends a mass of useless data to exhaust server resources, causing denial of service on the server. This type of attack sends massive numbers of data packets, overloads devices, and exhausts network bandwidth or device resources. Usually, routers, servers, and firewalls provide limited resources. Once overloaded, they may fail to process normal services, causing denial of service. The most common traffic attacks are flood attacks. In flood attacks, attackers send a large number of seemingly legitimate TCP, UDP, and ICMP packets to targets. Some attackers even forge the source addresses to evade detection and monitoring.

- Scanning and sniffing attacks
  Scanning and sniffing attacks mainly refer to IP sweep and port scan. In IP sweep, an attacker constantly sends IP (TCP/UDP/ICMP) packets with changing destination addresses to search existing hosts and networks for a target. In port scan, an attacker scans TCP and UDP ports to detect the operating system and potential services of the target. Through scanning and sniffing, attackers can roughly understand the types of services that targets provide and potential vulnerabilities for further intrusions.

- Malformed-packet attacks
  In malformed-packet attacks, attackers send defective IP packets to target systems. The target systems may encounter errors or crash when handling such packets. Malformed-packet attacks mainly include Ping-of-Death and Teardrop attacks.

- Special-packet attacks
  In special-packet attacks, attackers use legitimate packets to probe networks or detect data. The packets are legitimate application packets but are seldom used on networks.
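
The IP sweep and port scan behaviour described above can be detected by counting distinct destinations per source within a short window. The following is an added example, not Huawei's implementation or code from this page; the window, the limits, and the packet tuple layout are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 1.0       # assumed observation window in seconds
SWEEP_LIMIT = 5      # assumed: max distinct destination IPs per source per window
PORTSCAN_LIMIT = 5   # assumed: max distinct ports per (source, destination) per window

def detect_scans(packets):
    """packets: (timestamp, src, dst, dport) tuples sorted by timestamp.
    Returns a sorted list of (kind, src, dst) alerts; dst is None for a sweep."""
    by_src = defaultdict(deque)    # src -> recent (ts, dst) entries
    by_pair = defaultdict(deque)   # (src, dst) -> recent (ts, dport) entries
    alerts = set()
    for ts, src, dst, dport in packets:
        sweep_q = by_src[src]
        sweep_q.append((ts, dst))
        while ts - sweep_q[0][0] > WINDOW_S:   # drop entries outside the window
            sweep_q.popleft()
        if len({d for _, d in sweep_q}) > SWEEP_LIMIT:
            alerts.add(("ip-sweep", src, None))
        port_q = by_pair[(src, dst)]
        port_q.append((ts, dport))
        while ts - port_q[0][0] > WINDOW_S:
            port_q.popleft()
        if len({p for _, p in port_q}) > PORTSCAN_LIMIT:
            alerts.add(("port-scan", src, dst))
    return sorted(alerts, key=lambda a: (a[0], a[1], a[2] or ""))

# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = sorted(
    # one source touching 8 hosts on port 80 within 0.7 s: an IP sweep
    [(i * 0.1, "192.0.2.10", f"198.51.100.{i + 1}", 80) for i in range(8)]
    # one source touching 10 ports on one host within 0.81 s: a port scan
    + [(i * 0.09, "192.0.2.20", "198.51.100.5", 20 + i) for i in range(10)]
    # one source reaching 6 hosts, but one every 2 s: stays under both limits
    + [(i * 2.0, "192.0.2.30", f"198.51.100.{i + 1}", 443) for i in range(6)]
)

if __name__ == "__main__":
    for alert in detect_scans(SAMPLE):
        print(alert)
```

A slow scanner that stays under the per-window limit is not flagged, which is why scan defense thresholds need tuning against normal traffic.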

Recommended attack defense configuration on the USG2000&5000&6000
The following attack defense configurations are recommended if there are no special attack defense requirements:

firewall defend land enable
firewall defend smurf enable
firewall defend fraggle enable
firewall defend winnuke enable
firewall defend source-route enable
firewall defend route-record enable
firewall defend time-stamp enable
firewall defend ping-of-death enable
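
To show what kind of packet each recommended defense is aimed at, the following added example (not Huawei's implementation or code from this page) classifies packet summaries using the commonly documented signature of each attack. The dictionary field names, the `local_net` value, and the exact match rules are assumptions for illustration; the device's own checks may differ.

```python
import ipaddress

# IPv4 option type numbers from RFC 791
OPT_RECORD_ROUTE, OPT_TIMESTAMP, OPT_LSRR, OPT_SSRR = 7, 68, 131, 137

def classify(pkt, local_net="198.51.100.0/24"):
    """Return the sorted `firewall defend <name>` names a packet summary matches.
    pkt is a dict with hypothetical keys: proto, src, dst, dport, flags,
    icmp_type, ip_options, frag_offset (bytes), length (bytes in this fragment)."""
    net = ipaddress.ip_network(local_net)
    dst = ipaddress.ip_address(pkt["dst"])
    to_broadcast = dst == net.broadcast_address or str(dst) == "255.255.255.255"
    opts = set(pkt.get("ip_options", ()))
    proto = pkt["proto"]
    hits = set()
    if proto == "tcp" and pkt["src"] == pkt["dst"]:
        hits.add("land")            # source address equals destination address
    if proto == "icmp" and pkt.get("icmp_type") == 8 and to_broadcast:
        hits.add("smurf")           # echo request sent to a broadcast address
    if proto == "udp" and pkt.get("dport") in (7, 19):
        hits.add("fraggle")         # UDP to the echo or chargen port
    if proto == "tcp" and pkt.get("dport") == 139 and "URG" in pkt.get("flags", ()):
        hits.add("winnuke")         # urgent data sent to the NetBIOS session port
    if opts & {OPT_LSRR, OPT_SSRR}:
        hits.add("source-route")    # loose or strict source routing option
    if OPT_RECORD_ROUTE in opts:
        hits.add("route-record")
    if OPT_TIMESTAMP in opts:
        hits.add("time-stamp")
    if proto == "icmp" and pkt.get("frag_offset", 0) + pkt.get("length", 0) > 65535:
        hits.add("ping-of-death")   # reassembled size exceeds the IPv4 maximum
    return sorted(hits)

# Constructed packet summaries (documentation address ranges, not captured traffic).
SAMPLE = [
    {"proto": "tcp", "src": "198.51.100.7", "dst": "198.51.100.7", "dport": 80, "flags": ("SYN",)},
    {"proto": "icmp", "src": "192.0.2.5", "dst": "198.51.100.255", "icmp_type": 8},
    {"proto": "udp", "src": "192.0.2.5", "dst": "198.51.100.9", "dport": 19},
    {"proto": "tcp", "src": "192.0.2.5", "dst": "198.51.100.9", "dport": 139, "flags": ("URG",)},
    {"proto": "tcp", "src": "192.0.2.5", "dst": "198.51.100.9", "dport": 22, "ip_options": (131, 7)},
    {"proto": "icmp", "src": "192.0.2.5", "dst": "198.51.100.9", "icmp_type": 8,
     "frag_offset": 65528, "length": 1000},
    {"proto": "tcp", "src": "192.0.2.5", "dst": "198.51.100.9", "dport": 443, "flags": ("SYN",)},
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p["proto"], p["dst"], classify(p))
```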
