Packet inspection configuration example, Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
Page 16
8
Item
Description
Enable WinNuke Attack Detection
Enable or disable detection of WinNuke attacks.
Enable TCP Flag Attack Detection
Enable or disable detection of TCP flag attacks.
Enable ICMP Unreachable Packet Attack Detection
Enable or disable detection of ICMP unreachable
attacks.
Enable ICMP Redirect Packet Attack Detection
Enable or disable detection of ICMP redirect attacks.
Enable Tracert Packet Attack Detection
Enable or disable detection of Tracert attacks.
Enable Smurf Attack Detection
Enable or disable detection of Smurf attacks.
Enable IP Packet Carrying Source Route Attack
Detection
Enable or disable detection of source route attacks.
Enable Route Record Option Attack Detection
Enable or disable detection of route record attacks.
Enable Large ICMP Packet Attack Detection
Enable detection of large ICMP attacks and set the
packet length limit, or disable detection of such
attacks.
Max Packet Length
Packet inspection configuration example
Network requirements
As shown in
, the internal network is the trusted zone and the external network is the untrusted
zone.
Configure SecPath to protect the trusted zone against Land attacks and Smurf attacks from the untrusted
zone.
Figure 9 Network diagram
Configuration procedure
1.
Assign IP addresses to interfaces. (Details not shown.)
2.
From the navigation tree, select Intrusion Detection > Packet Inspection.
The packet inspection configuration page appears.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS