No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
Knowledge Base

How to Troubleshoot that NE40 Is Attacked by ICMP Packets

Publication Date:  2012-07-27  |   Views:  134  |   Downloads:  0  |   Author:  Zhao Zihui  |   Document ID:  EKB0000137032

Contents

Issue Description

NE40 is attacked by ICMP packets.

Alarm Information

CPU utilization reaches 90%. 

Handling Process

Filtration on fragmented ICMP packets could help keep away attacks, with configuration as follows: rule-map 1 intervlan icmp any any flag.

Root Cause

It comes to the following conclusions after analysis: 
(1) Change the configurations of leaky bucket. 
(2) Filter the ICMP packets. 
Although the first solution helps control the attack from ICMP packets effectively, a great deal of packets will impact on the forwarding of normal ICMP packets. If the second solution is used, although it could control the attack by ICMP packets, the normal ICMP packet are disabled. In analysis, it is found that ICMP packets are often very big and are fragmented in transmission, so filtration on ICMP fragmented packets could protect against attacks. After filtration on ICMP packets, CPU utilization is reduced greatly.  

Suggestions

Null