No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR Router Troubleshooting Guide

This Product Documentation provides guidance for maintaining AR Enterprise Router, covering common information collection and fault diagnostic commands, typical fault troubleshooting guide, and troubleshooting.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Can I Locate and Prevent an Attack Initiated by a Unidirectional TCP Flow?

How Can I Locate and Prevent an Attack Initiated by a Unidirectional TCP Flow?

  1. View NGE session information to locate the attack initiated by a unidirectional flow.
    <Huawei> system-view
    [Huawei] diagnose
    [Huawei-diagnose] display engine session table verbose-detail
    VSys:0 Vpn:0 Thread:1 TCP 192.168.110.100:65483 ==> 10.80.41.105:808 ttl:600 lefttime:53
    Summary# packets: 0 bytes: 0 <--> packets: 6 bytes: 0
    Detail# ver:10314 type:0 user:0 bypass:0x0 runmap:0x0003 proxybypass:1 action:100 zone:0->0 http_acc:0 tags:[used:1 1st_dir:0 finish
    detect:0 continue:1 flag:0,0,4 apptrace:0x0 finarrive:0 urlcache:0 re_ply:0-0 block:0 path_flag:0 fin_s:0 overflow:0 penable:0 skipn
    bss:0 prcvrst:0 tcplc:1 secpty:0 runmode:1]
    Tcp# Cache:0 OutOrder:0 OverLap: 0
      Client: 1stSeq: 2700303840 RcvAck: 0 ReaseSeq: 2700303840 SndSeq: 2700303840 state: 2,0
      Server: 1stSeq: 0 RcvAck: 0 ReaseSeq: 0 SndSeq: 0 state: 1,3
    Policy# AuditPolicy:0x00000000 SecPolicy:0x00000000
      Profile:0/0/0/0/0/0/0/0/0/0/0
    Flow# Client: Server:
    SA# app: 0 decode: 0
    Cache# Msg Cache Head Phase(0) Action(0) MsgNum(0)
    ------------------------------------------------------------

    According to Summary# packets: 0 bytes: 0 <--> packets: 6 bytes: 0 in the command output, statistics about only unidirectional packets are available, indicating that an attack initiated by a unidirectional flow exists. VSys:0 Vpn:0 Thread:1 TCP 192.168.110.100:65483 ==> 10.80.41.105:808 ttl:600 lefttime:53 indicates that the source IP address the attacker is 192.168.110.100 and the destination IP address is 10.80.41.105.

  2. Configure an ACL to match the target unidirectional flow and apply the ACL to filter packets of this flow in the inbound direction.
    <Huawei> system-view
    [Huawei] acl 3000
    [Huawei-acl-adv-3000] rule deny tcp destination 10.80.41.105 0 source 192.168.110.100 0
    [Huawei-acl-adv-3000] quit
    [Huawei] interface GigabitEthernet 0/0/0
    [Huawei-GigabitEthernet0/0/0] traffic-filter inbound acl 3000
    
Translation
Download
Updated: 2019-05-10

Document ID: EDOC1000079719

Views: 455255

Downloads: 4320

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next