To Next Page

To Previous Page

988

port port-number: Specifies the port to be protected, in the range of 1 to 65535. If you do not specify

this option, DNS client verification protects port 53, HTTP client verification protects port 80, and TCP

client verification protects all ports.

Usage guidelines

You can specify multiple protected IPv6 addresses by using this command multiple times.

Examples

# Configure TCP client verification to protect IPv6 address 2013::12 and port 23.

<Sysname> system-view

[Sysname] client-verify tcp protected ipv6 2013::12 port 23

# Configure HTTP client verification to protect IPv6 address 2013::12.

<Sysname> system-view

[Sysname] client-verify http protected ipv6 2013::12

Related commands

display client-verify protected ipv6

client-verify tcp enable

Use client-verify tcp enable to enable TCP client verification on an interface.

Use undo client-verify tcp enable to disable TCP client verification on an interface.

Syntax

client-verify tcp enable [ mode { syn-cookie | safe-reset } ]

undo client-verify tcp enable

Default

TCP client verification is disabled on an interface.

Views

Interface view

Predefined user roles

network-admin

Parameters

mode: Specifies a working mode for TCP client verification. If you do not specify this keyword, the

SYN cookie mode is used.

syn-cookie: Specifies the SYN cookie mode. In this mode, bidirectional TCP proxy is enabled.

safe-reset: Specifies the safe reset mode. In this mode, unidirectional TCP proxy is enabled.

Usage guidelines

Enable TCP client verification on the interface connected to the external network to check incoming

packets. This feature protects internal servers against TCP flood attacks, including SYN flood

attacks, SYN-ACK flood attacks, RST flood attacks, FIN flood attacks, and ACK flood attacks.

For TCP client verification to collaborate with TCP flood attack prevention, specify client-verify as

the TCP flood attack prevention action. During collaboration, the device adds the victim IP address to

the protected IP list and verifies the untrusted sources if it detects a TCP flood attack. You can use

the display client-verify tcp protected ip command to display the protected IP list for TCP client

verification.

TCP client verification supports the following modes:

Other manuals for H3C MSR Series

Manual33 pages

Probe Command Reference28 pages

Configuration Guide80 pages

Troubleshooting Guide28 pages

User Guide26 pages

Questions and Answers:

Need help?

Do you have a question about the H3C MSR Series and is the answer not in the manual?

H3C MSR Series Specifications

General

Category	Network Router
IPv6 Support	Yes
Dimensions	Varies by model
Weight	Varies by model
Product Type	Modular Router
Ports	Varies by model
WAN Interfaces	Varies by model
Firewall	Yes
QoS	Yes
Wireless Support	Varies by model
USB Ports	Varies by model
Console Port	Yes
Power Supply	Varies by model
Redundancy	Varies by model
Operating Temperature	0°C to 45°C
Storage Temperature	-40°C to 70°C
Humidity	5% to 95% non-condensing
Series	MSR
Certifications	CE, FCC, RoHS