SlideShare a Scribd company logo

Example for configuring local attack defense

Download as DOC, PDF
Huanetwork, profile picture
Huanetwork

The document provides a detailed example for configuring local attack defense on router A to handle various network issues, including tracing attack sources and mitigating performance degradation from excessive ARP requests. It outlines specific configurations such as access control lists, rate limits for different packet types, and the application of attack defense policies. Additionally, it references external resources for further networking solutions and maintains a focus on Huawei products and services.

Technology
1 of 3
Downloaded 12 times
1
2
3
Example for Configuring Local Attack Defense Applicability This example applies to all versions and routers. Networking Requirements As shown in Figure 1, users on different LANs access the Internet through Router A. To locate attacks on Router A, attack source tracing needs to be configured to trace the attack source. The following situations occur: • A user on network segment Net1 frequently initiates attacks to Router A. • The attacker sends a large number of ARP Request packets, degrading CPU performance. • The administrator needs to upload files to Router A using FTP. However, no FTP connection has been set up between the administrator's host and Router A. • Most LAN users obtain IP addresses through DHCP, whereas Router A does not first process DHCP client packets sent to the CPU. Configurations should be performed on Router A to solve the preceding problems. NOTE: This section provides only the configuration procedures related to local attack defense. For details about routing configurations, see the Configuration Guide - IP Routing. 1
Figure 1 Networking diagram of attack defense policy configurations Procedure 1. Configure the router. # acl number 4001 //Configure the ACL to be referenced by the blacklist of local attack defense. rule 5 permit source-mac 0001-c0a8-0102 # cpu-defend policy devicesafety //Create a local attack defense policy. auto-defend enable //Enable the attack source tracing capability. auto-defend threshold 50 //Set the attack source tracing threshold to 50 pps. blacklist 1 acl 4001 //Specify the blacklist. packet-type arp-request rate-limit 64 //Set the rate limit for ARP request packets sent to the CPU to 64 pps. application-apperceive packet-type ftp rate-limit 2000 //Set the rate limit for FTP packets to 2000 pps. packet-type dhcp-client priority 3 //Set the priority of the DHCP-client packets sent to the CPU to 3. # cpu-defend-policy devicesafety //Apply the attack defense policy to the MPU. # return 2. Verify the configuration. 2
Run the display cpu-defend policy command on router A to view information about the attack defense policy. Run the display cpu-defend configuration command on router A to view rate limit on protocol packets. More related: Example for Configuring the SNMP Function to Implement Communication Between the Device and the NMS Example for Connecting Intranet Users to the Internet in Easy IP Mode Example for Configuring the Device as a PPPoE Client to Connect Users to the Internet How to Configure the PPPoE Client on Huawei AR1200? Example for Connecting Intranet Users to the Internet in NAT Address Pool Mode More Huawei products and Reviews you can visit: http://www.huanetwork.com/blog Huanetwork.com is a world leading Huawei networking products distributor, we wholesale original new Huawei networking equipments, including Huawei switches, Huawei routers, Huaweisymantec security products, Huawei IAD, Huawei SFP and other Huawei networking products. Our customers include telecom operators, Huawei resellers, ISP and system integrators. Right now most of our sales are contributed by regular customers. In Huanetwork Lab, also we have Huawei OLT, MDU, DSLAM and switch for customer do remote testing, any potential customer are welcome to login to our lab. If you need a total Huawei FTTx solution or Huawei ADSL solution for your network, also you may feel free to contact us. Our website: http://www.huanetwork.com Telephone: +852-30501940 Email: sales@huanetwork.com Address: 23/F Lucky Plaza, 315-321 Lockhart Road, Wanchai, Hongkong 3

More Related Content

PDF
GLBP (gateway load balancing protocol)
Netwax Lab
 
PDF
SNMP
Anshuman Biswal
 
PPTX
BASICS OF ROUTING IN NETWORKS
KABILESH RAMAR
 
PDF
VLAN Trunking Protocol
Netwax Lab
 
PDF
200 301-ccna
Jasser Kouki
 
PDF
VRRP (virtual router redundancy protocol)
Netwax Lab
 
PPTX
Dhcp
Chinmoy Jena
 
PPTX
Ccna ppt1
AIRTEL
 
GLBP (gateway load balancing protocol)
Netwax Lab
 
SNMP
Anshuman Biswal
 
BASICS OF ROUTING IN NETWORKS
KABILESH RAMAR
 
VLAN Trunking Protocol
Netwax Lab
 
200 301-ccna
Jasser Kouki
 
VRRP (virtual router redundancy protocol)
Netwax Lab
 
Dhcp
Chinmoy Jena
 
Ccna ppt1
AIRTEL
 

What's hot (20)

PDF
MPLS Concepts and Fundamentals
Shawn Zandi
 
PDF
Cisco Digital Network Architecture - Introducing the Network Intuitive
Cisco Canada
 
PPT
firewall.ppt
ssuser530a07
 
PPTX
IMS presentation
Anirudh Yadav
 
PPTX
Bgp protocol
Smriti Tikoo
 
PPT
Mpls L3_vpn
Reza Farahani
 
PPT
IGMP.ppt
Munnakumar518378
 
PDF
VLAN (virtual local area network)
Netwax Lab
 
PPT
Ospf
Sasi Reddy
 
PDF
CCNAv5 - S2: Chapter5 Inter Vlan Routing
Vuz Dở Hơi
 
PDF
cours ospf
EL AMRI El Hassan
 
PPTX
IS-IS Packet Types
NetProtocol Xpert
 
PPT
DHCP
Kashif Latif
 
PPTX
Routing Techniques
Nishant Munjal
 
PPTX
Routing Protocols
NetProtocol Xpert
 
PDF
Router commands
Akshay Bhardwaj
 
PPTX
Network Troubleshooting - Part 2
SolarWinds
 
DOCX
Layer 2 & layer 3 switching
Muhd Mu'izuddin
 
PPTX
CCNA Course Training Presentation
Rohit Singh
 
PPT
IP Subnetting
Shahzad Rashid
 
MPLS Concepts and Fundamentals
Shawn Zandi
 
Cisco Digital Network Architecture - Introducing the Network Intuitive
Cisco Canada
 
firewall.ppt
ssuser530a07
 
IMS presentation
Anirudh Yadav
 
Bgp protocol
Smriti Tikoo
 
Mpls L3_vpn
Reza Farahani
 
IGMP.ppt
Munnakumar518378
 
VLAN (virtual local area network)
Netwax Lab
 
Ospf
Sasi Reddy
 
CCNAv5 - S2: Chapter5 Inter Vlan Routing
Vuz Dở Hơi
 
cours ospf
EL AMRI El Hassan
 
IS-IS Packet Types
NetProtocol Xpert
 
DHCP
Kashif Latif
 
Routing Techniques
Nishant Munjal
 
Routing Protocols
NetProtocol Xpert
 
Router commands
Akshay Bhardwaj
 
Network Troubleshooting - Part 2
SolarWinds
 
Layer 2 & layer 3 switching
Muhd Mu'izuddin
 
CCNA Course Training Presentation
Rohit Singh
 
IP Subnetting
Shahzad Rashid
 
Ad

Viewers also liked (9)

DOC
Version support for huawei s7700 components (1)
Huanetwork
 
DOC
Huawei s9300 terabit routing switch
Huanetwork
 
DOC
Optical module
Huanetwork
 
DOC
Huawei S5700 28 p-pwr-li-ac introduction
Huanetwork
 
DOC
Huawei s3700 cables
Huanetwork
 
DOC
Huawei net engine5000e core router chassis and features
Huanetwork
 
DOC
What is huawei quidway s5300 gigabit switches
Huanetwork
 
DOC
Huawei osn3500 typical networking in packet mode
Huanetwork
 
DOC
Huawei s2300 series ethernet switches overview
Huanetwork
 
Version support for huawei s7700 components (1)
Huanetwork
 
Huawei s9300 terabit routing switch
Huanetwork
 
Optical module
Huanetwork
 
Huawei S5700 28 p-pwr-li-ac introduction
Huanetwork
 
Huawei s3700 cables
Huanetwork
 
Huawei net engine5000e core router chassis and features
Huanetwork
 
What is huawei quidway s5300 gigabit switches
Huanetwork
 
Huawei osn3500 typical networking in packet mode
Huanetwork
 
Huawei s2300 series ethernet switches overview
Huanetwork
 
Ad

Similar to Example for configuring local attack defense (20)

PDF
versa router teletronics
guestd33e17a
 
PDF
Ccnav5.org ccna 4-v50_practice_final_exam
Đồng Quốc Vương
 
DOCX
2232016 Sample Implementation Plan1.htmlfileCUsers.docx
eugeniadean34240
 
DOC
Configuring the Device as a PPPoE Client on Huawei AR1200
Huanetwork
 
PPT
Vpnppt1884
Swarup Kumar Mall
 
PDF
CCNA 1 Chapter 11 v5.0 2014
Đồng Quốc Vương
 
DOCX
Telnet configuration
MdAlAmin187
 
PDF
Ccna 4 Final 2 Version 4.0 Answers
CCNA4Answers
 
PDF
IT Essentials (Version 7.0) - ITE Chapter 5 Exam Answers
ITExamAnswers.net
 
PDF
Guide to Firewalls and VPNs 3rd Edition Whitman Test Bank
dokkokraghql
 
PPTX
introduction of iptables in linux
Nouman Baloch
 
PPTX
Case study
Khaled Adnan
 
PPT
Linux Based Advanced Routing with Firewall and Traffic Control
sandy_vasan
 
PDF
Chapter
prajapatijagdish
 
PPT
Tonyfortunatoiperfquickstart 1212633021928769-8
Jamil Jamil
 
PDF
Www ccnav5 net_ccna_3_v5_final_exam_answers_2014
Đồng Quốc Vương
 
PPTX
cFrame framework slides
kestasj
 
PDF
200-301-demo.pdf
CiscoExamDumpsarticl1
 
PDF
Cisco 200-301 Exam Dumps
CiscoExamDumpsarticl2
 
PDF
Cisco 200-301 Exam Dumps
CiscoExamDumpsarticl
 
versa router teletronics
guestd33e17a
 
Ccnav5.org ccna 4-v50_practice_final_exam
Đồng Quốc Vương
 
2232016 Sample Implementation Plan1.htmlfileCUsers.docx
eugeniadean34240
 
Configuring the Device as a PPPoE Client on Huawei AR1200
Huanetwork
 
Vpnppt1884
Swarup Kumar Mall
 
CCNA 1 Chapter 11 v5.0 2014
Đồng Quốc Vương
 
Telnet configuration
MdAlAmin187
 
Ccna 4 Final 2 Version 4.0 Answers
CCNA4Answers
 
IT Essentials (Version 7.0) - ITE Chapter 5 Exam Answers
ITExamAnswers.net
 
Guide to Firewalls and VPNs 3rd Edition Whitman Test Bank
dokkokraghql
 
introduction of iptables in linux
Nouman Baloch
 
Case study
Khaled Adnan
 
Linux Based Advanced Routing with Firewall and Traffic Control
sandy_vasan
 
Chapter
prajapatijagdish
 
Tonyfortunatoiperfquickstart 1212633021928769-8
Jamil Jamil
 
Www ccnav5 net_ccna_3_v5_final_exam_answers_2014
Đồng Quốc Vương
 
cFrame framework slides
kestasj
 
200-301-demo.pdf
CiscoExamDumpsarticl1
 
Cisco 200-301 Exam Dumps
CiscoExamDumpsarticl2
 
Cisco 200-301 Exam Dumps
CiscoExamDumpsarticl
 

More from Huanetwork (20)

PDF
Huawei s5710-ei-power-module-test-report
Huanetwork
 
DOC
Huanetwork x dsl solution - huawei adsl2+ and vdsl2 solution)
Huanetwork
 
DOC
Wiki and solution in ftth technology
Huanetwork
 
DOC
Ont, olt and mdu in gpon technology
Huanetwork
 
DOC
What are the differences between huawei and cisco wlan products
Huanetwork
 
DOC
Huawei ac6005
Huanetwork
 
DOC
How to Configure QinQ?
Huanetwork
 
DOC
How to configure inband management for huawei ma5616
Huanetwork
 
DOC
How to configure eo c services for huawei ol ts
Huanetwork
 
DOC
Huawei opti x osn 1500 boards
Huanetwork
 
DOC
Huawei ftth c b e2 e solution
Huanetwork
 
DOC
Huawei osn3500 typical networking in packet mode
Huanetwork
 
DOC
What’s the Difference Between GPON and EPON
Huanetwork
 
DOC
Differences of Huawei S5700 Series LI, SI, EI and HI
Huanetwork
 
DOC
How to configure the logical distance of gpon
Huanetwork
 
DOC
Huanetwork Design the Network Solution Free for You
Huanetwork
 
DOC
Configuration difference between ipv6 and ipv4
Huanetwork
 
DOC
How to configure the gpon ftth layer 2 internet access service on the nms
Huanetwork
 
DOC
How to configure i pv6 services in the fttb c (no hgws) scenario
Huanetwork
 
DOC
Huawei router component selection guide – purchase list
Huanetwork
 
Huawei s5710-ei-power-module-test-report
Huanetwork
 
Huanetwork x dsl solution - huawei adsl2+ and vdsl2 solution)
Huanetwork
 
Wiki and solution in ftth technology
Huanetwork
 
Ont, olt and mdu in gpon technology
Huanetwork
 
What are the differences between huawei and cisco wlan products
Huanetwork
 
Huawei ac6005
Huanetwork
 
How to Configure QinQ?
Huanetwork
 
How to configure inband management for huawei ma5616
Huanetwork
 
How to configure eo c services for huawei ol ts
Huanetwork
 
Huawei opti x osn 1500 boards
Huanetwork
 
Huawei ftth c b e2 e solution
Huanetwork
 
Huawei osn3500 typical networking in packet mode
Huanetwork
 
What’s the Difference Between GPON and EPON
Huanetwork
 
Differences of Huawei S5700 Series LI, SI, EI and HI
Huanetwork
 
How to configure the logical distance of gpon
Huanetwork
 
Huanetwork Design the Network Solution Free for You
Huanetwork
 
Configuration difference between ipv6 and ipv4
Huanetwork
 
How to configure the gpon ftth layer 2 internet access service on the nms
Huanetwork
 
How to configure i pv6 services in the fttb c (no hgws) scenario
Huanetwork
 
Huawei router component selection guide – purchase list
Huanetwork
 

Recently uploaded (20)

PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Approach and Philosophy of On baking technology
30anthuong17
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Teaching material agriculture food technology
LiaRayya
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 

Example for configuring local attack defense

  • 1. Example for Configuring Local Attack Defense Applicability This example applies to all versions and routers. Networking Requirements As shown in Figure 1, users on different LANs access the Internet through Router A. To locate attacks on Router A, attack source tracing needs to be configured to trace the attack source. The following situations occur: • A user on network segment Net1 frequently initiates attacks to Router A. • The attacker sends a large number of ARP Request packets, degrading CPU performance. • The administrator needs to upload files to Router A using FTP. However, no FTP connection has been set up between the administrator's host and Router A. • Most LAN users obtain IP addresses through DHCP, whereas Router A does not first process DHCP client packets sent to the CPU. Configurations should be performed on Router A to solve the preceding problems. NOTE: This section provides only the configuration procedures related to local attack defense. For details about routing configurations, see the Configuration Guide - IP Routing. 1
  • 2. Figure 1 Networking diagram of attack defense policy configurations Procedure 1. Configure the router. # acl number 4001 //Configure the ACL to be referenced by the blacklist of local attack defense. rule 5 permit source-mac 0001-c0a8-0102 # cpu-defend policy devicesafety //Create a local attack defense policy. auto-defend enable //Enable the attack source tracing capability. auto-defend threshold 50 //Set the attack source tracing threshold to 50 pps. blacklist 1 acl 4001 //Specify the blacklist. packet-type arp-request rate-limit 64 //Set the rate limit for ARP request packets sent to the CPU to 64 pps. application-apperceive packet-type ftp rate-limit 2000 //Set the rate limit for FTP packets to 2000 pps. packet-type dhcp-client priority 3 //Set the priority of the DHCP-client packets sent to the CPU to 3. # cpu-defend-policy devicesafety //Apply the attack defense policy to the MPU. # return 2. Verify the configuration. 2
  • 3. Run the display cpu-defend policy command on router A to view information about the attack defense policy. Run the display cpu-defend configuration command on router A to view rate limit on protocol packets. More related: Example for Configuring the SNMP Function to Implement Communication Between the Device and the NMS Example for Connecting Intranet Users to the Internet in Easy IP Mode Example for Configuring the Device as a PPPoE Client to Connect Users to the Internet How to Configure the PPPoE Client on Huawei AR1200? Example for Connecting Intranet Users to the Internet in NAT Address Pool Mode More Huawei products and Reviews you can visit: http://www.huanetwork.com/blog Huanetwork.com is a world leading Huawei networking products distributor, we wholesale original new Huawei networking equipments, including Huawei switches, Huawei routers, Huaweisymantec security products, Huawei IAD, Huawei SFP and other Huawei networking products. Our customers include telecom operators, Huawei resellers, ISP and system integrators. Right now most of our sales are contributed by regular customers. In Huanetwork Lab, also we have Huawei OLT, MDU, DSLAM and switch for customer do remote testing, any potential customer are welcome to login to our lab. If you need a total Huawei FTTx solution or Huawei ADSL solution for your network, also you may feel free to contact us. Our website: http://www.huanetwork.com Telephone: +852-30501940 Email: sales@huanetwork.com Address: 23/F Lucky Plaza, 315-321 Lockhart Road, Wanchai, Hongkong 3