1071
rst-flood action
Use rst-flood action to specify global actions against RST flood attacks.
Use undo rst-flood action to restore the default.
Syntax
rst-flood action { client-verify | drop | logging } *
undo rst-flood action
Default
No global action is specified for RST flood attacks.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
client-verify: Adds the victim IP addresses to the protected IP list for TCP client verification. If TCP
client verification is enabled, the device provides proxy services for protected servers.
drop: Drops subsequent RST packets destined for the victim IP addresses.
logging: Enables logging for RST flood attack events.
Usage guidelines
For the RST flood attack detection to collaborate with the TCP client verification, make sure the
client-verify keyword is specified and the TCP client verification is enabled. To enable TCP client
verification, use the client-verify tcp enable command.
Examples
# Specify drop as the global action against RST flood attacks in the attack defense policy
atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] rst-flood action drop
Related commands
client-verify tcp enable
rst-flood detect
rst-flood detect non-specific
rst-flood threshold
rst-flood detect
Use rst-flood detect to configure IP address-specific RST flood attack detection.
Use undo rst-flood detect to remove the IP address-specific RST flood attack detection
configuration.
Syntax
rst-flood detect { ip ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ]
[ threshold threshold-value ] [ action { { client-verify | drop | logging } * | none } ]
To Next Page
Loading...
