No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

How to Troubleshoot that NE40 Is Attacked by ICMP Packets

Publication Date:  2012-07-27 Views:  35 Downloads:  0
Issue Description
NE40 is attacked by ICMP packets.
Alarm Information
CPU utilization reaches 90%. 
Handling Process
Filtration on fragmented ICMP packets could help keep away attacks, with configuration as follows: rule-map 1 intervlan icmp any any flag.
Root Cause
It comes to the following conclusions after analysis: 
(1) Change the configurations of leaky bucket. 
(2) Filter the ICMP packets. 
Although the first solution helps control the attack from ICMP packets effectively, a great deal of packets will impact on the forwarding of normal ICMP packets. If the second solution is used, although it could control the attack by ICMP packets, the normal ICMP packet are disabled. In analysis, it is found that ICMP packets are often very big and are fragmented in transmission, so filtration on ICMP fragmented packets could protect against attacks. After filtration on ICMP packets, CPU utilization is reduced greatly.  
Suggestions
Null

END