Pass the Huawei Huawei Certified Network Professional HCNP H12-721 Questions and answers with CertsForce

Note: Land attack: It is to set the source address and destination address of the TCP SYN packet to the IP address of a certain victim. This will cause the victim to send a SYN-ACK message to its own address, which in turn will send back an ACK message and create an empty connection, each of which will remain until timeout. Various victims react differently to Land attacks, many UNIX hosts will crash, and NT hosts will become extremely slow.

Note: TCP reverse source detection principle, when the device receives a SYN message, it will detect the existence of the source IP. The TCP reverse source detects the SYN-ACK sequence number that is sent incorrectly. If the source exists, it will send an RST message to request a three-way handshake. Because the reverse source detection mechanism is not affected by the successful establishment of the session table, it is recommended to use the reverse source detection technology to defend against SYN flood attacks. If you use TCP proxy attack defense, you must enable the state detection mechanism.

Note: Asynchronous mode: is the main mode of operation of BFD. In this mode, after the BFD session is established, the two systems periodically send BFD control messages to each other. If the packet sent from the peer is not received, the BFD session is considered to be in the Down query mode. It is the second mode of BFD. When a BFD session exists in a system, the BFD control packet is periodically sent. The overhead affects the normal operation of the system, and the query mode can be adopted.