No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - Security
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Introduction to Local Attack Defense

Introduction to Local Attack Defense

Local attack defense can protect the CPUs of devices against various attacks.

The development and wide application of the network pose higher requirements for the network and device security. On the network, there are a large number of packets to be sent to the CPU and malicious packets attempting to attack the CPU. If the CPU receives excessive packets, the CPU usage is high, lowering the performance and affecting normal services; if the CPU is congested with malicious packets, it becomes busy processing these attack packets. Consequently, other services are interrupted. In extreme cases, the system fails.

At present, the router faces the following security risks:
  • Owing to the inherent defects and flawed implementation of the TCP/IP protocol suite, attacks on the TCP/IP network are increasing, which greatly impacts the network.

  • When a large number of packets are sent to the CPU at the same time, the packet sending rate cannot be limited, and as a result, the CPU cannot process these packets by priority.

  • The router runs multiple application protocols, and all these application protocols, including those unnecessary, send packets to the CPU. Hackers can thus exploit such a security vulnerability to launch flooding attacks to exhaust CPU resources, preventing the process of normal services.

  • Interfaces on the router can be classified into management interfaces and non-management interfaces. Hackers can control the router through non-management interfaces or launch flooding attacks through management interfaces. All these put the router in danger.

  • Attack packets are of various types, and once being attacked, the router cannot trace the attack source.

  • A large number of packets are discarded but no alarm message is generated.

You can protect the CPU of the NE20E against attacks by configuring defense against TCP/IP attacks, CAR, application layer association, management plane protection, or attack source tracing.

Updated: 2019-01-02

Document ID: EDOC1100055397

Views: 21993

Downloads: 39

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next