S12700 and S12700E V200R019C10 Configuration Guide - Security
This document describes the configurations of Security, including ACL, Reflective ACL, Local Attack Defense, MFF, Attack Defense, Traffic Suppression and Storm Control, ARP Security, Port Security, DHCP Snooping, ND Snooping, IPv6 RA Guard, PPPoE+, IPSG, SAVI, URPF, Keychian, MPAC, PKI, OLC, Separating the Management Plane from the Service Plane, and Security Risks.
Configuring Defense Against Malformed Packet Attacks
Context
Malformed packet attacks include flood attacks without IP payloads, attacks from IGMP null payload packets, LAND attacks, Smurf attacks, and attacks from packets with invalid TCP flag bits. A malformed packet attack occurs when malformed IP packets are sent to a target system, causing the system to work abnormally or break down. In addition, the attacker may send a large number of invalid packets to occupy network bandwidth.
To prevent the system from breaking down and to ensure non-stop network services, enable defense against malformed packet attacks on the device. After detecting malformed packets, the device discards them.
Procedure
- Run system-view
The system view is displayed.
- Run anti-attack abnormal enable
Defense against malformed packet attacks is enabled.
By default, defense against malformed packet attacks is enabled.
![]()
You can also run the anti-attack enable command in the system view to enable attack defense against all attack packets including malformed packets.
