No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>


To have a better experience, please upgrade your IE browser.


No injection flow and interruption of business after the diversion

Publication Date:  2013-12-10 Views:  609 Downloads:  0
Issue Description
In Bypass mode  all business impassability after diversion  , no injection flow.

Alarm Information
There are following log information on the terminal:

%2013-09-12 16:56:09 Clean %%01SEC/4/ATCKDF(l): AttackType="IP spoof attack", slot="0", receive interface="GigabitEthernet0/0/1 ", proto="TCP", src=" ", dst=" ", begin time="2013-09-12 16:55:39", end time="2013-09-12 16:56:09", total packets="265803", max speed="0".
Handling Process
 Execute ‘undo firewall defend ip-spoofing enable’ return to normal state.
Root Cause
The log indicate that the system was attacked by the IP spoof attack , the system detects address spoofing attack, all the packets was discarded, check the configuration, the address spoofing check is enable in firewall ‘defend ip-spoofing enable’ , enable it will do the reverse route inspection, to bypass model, is not suitable for enable reverse route inspection, therefore,  need to disable the address spoofing attack.