Disabling Sending of ICMP Error Packets – H3C Technologies H3C WX3000 Series Unified Switches User Manual


| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure TCP synwait timer’s timeout value | tcp timer syn-timeout time-value | Optional. By default, the timeout value is 75 seconds. |
| Configure TCP finwait timer’s timeout value | tcp timer fin-timeout time-value | Optional. By default, the timeout value is 675 seconds. |
| Configure the size of TCP receive/send buffer | tcp window window-size | Optional. By default, the buffer is 8 kilobytes. |

Disabling Sending of ICMP Error Packets

Sending error packets is a major function of the ICMP protocol. In case of network abnormalities, ICMP
packets are usually sent by the network or transport layer protocols to notify the corresponding devices,
which facilitates control and management.

By default, the device supports sending ICMP redirect and destination unreachable packets.

Although sending ICMP error packets facilitates control and management, it has the following
disadvantages:

- Sending a lot of ICMP packets increases network traffic.
- If the device receives a lot of malicious packets that cause it to send ICMP error packets, its performance will be reduced.
- As the ICMP redirection function increases the routing table size of a host, the host’s performance will be reduced if its routing table becomes very large.
- If a host sends malicious ICMP destination unreachable packets, end users may be affected.

To prevent the above-mentioned problems, you can disable the device from sending such ICMP error
packets.

Follow these steps to disable sending of ICMP error packets:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Disable sending of ICMP redirects | undo icmp redirect send | Required. Enabled by default. |
| Disable sending of ICMP destination unreachable packets | undo icmp unreach send | Required. Enabled by default. |
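
One way to confirm that the two commands above are in effect across a set of saved configurations, as an added example (not part of the H3C manual). It assumes the exported configuration or change script lists each command verbatim on its own line; the device names and sample text are constructed.

```python
import re

# Command stems from the table above; the manual says both are enabled by default.
FEATURES = {
    "icmp redirect send": "ICMP redirect",
    "icmp unreach send": "ICMP destination unreachable",
}
LINE_RE = re.compile(r"^(undo )?(icmp (?:redirect|unreach) send)$")


def icmp_send_state(config_text):
    """Return {command stem: True if sending is still enabled}."""
    state = {stem: True for stem in FEATURES}  # start from the documented defaults
    for raw in config_text.splitlines():
        line = " ".join(raw.split()).lower()  # collapse indentation and spacing
        match = LINE_RE.match(line)
        if match:
            # Assumption: the last occurrence wins, as when commands are typed in order.
            state[match.group(2)] = match.group(1) is None
    return state


def findings(device, config_text):
    """List the hardening gaps for one device's configuration text."""
    return [
        f"{device}: {FEATURES[stem]} sending enabled (no effective 'undo {stem}')"
        for stem, enabled in icmp_send_state(config_text).items()
        if enabled
    ]


# Constructed sample inputs (hypothetical device names, not real exports).
SAMPLE_HARDENED = "#\n sysname ac-01\n#\n undo icmp redirect send\n undo icmp unreach send\n#\n"
SAMPLE_REENABLED = (
    "#\n sysname ac-02\n#\n undo icmp redirect send\n"
    " undo icmp unreach send\n icmp unreach send\n#\n"
)

if __name__ == "__main__":
    for name, text in (("ac-01", SAMPLE_HARDENED), ("ac-02", SAMPLE_REENABLED)):
        for line in findings(name, text) or [f"{name}: both ICMP error types disabled"]:
            print(line)
```

An empty or unrelated configuration is reported as having both ICMP error types enabled, matching the defaults stated in the table.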

Displaying and Maintaining IP Performance Configuration

| To do… | Use the command… | Remarks |
|---|---|---|
| Display TCP connection status | display tcp status | Available in any view |
| Display TCP connection statistics | display tcp statistics | Available in any view |
| Display UDP traffic statistics | display udp statistics | Available in any view |
