To Next Page

To Previous Page

1074

Usage guidelines

The global threshold applies to global RST flood attack detection. Adjust the threshold according to

the application scenarios. If the number of RST packets sent to a protected server, such as an HTTP

or FTP server, is normally large, set a large threshold. A small threshold might affect the server

services. For a network that is unstable or susceptible to attacks, set a small threshold.

With global RST flood attack detection configured, the device is in attack detection state. When the

sending rate of RST packets to an IP address reaches the threshold, the device enters prevention

state and takes the specified actions. When the rate is below the silence threshold (three-fourths of

the threshold), the device returns to the attack detection state.

Examples

# Set the global threshold to 100 for triggering RST flood attack prevention in the attack defense

policy atk-policy-1.

<Sysname> system-view

[Sysname] attack-defense policy atk-policy-1

[Sysname-attack-defense-policy-atk-policy-1] rst-flood threshold 100

Related commands

rst-flood action

rst-flood detect

rst-flood detect non-specific

scan detect

Use scan detect to configure scanning attack detection.

Use undo scan detect to remove the scanning attack detection configuration.

Syntax

scan detect level { high | low | medium } action { { block-source [ timeout minutes ] | drop } |

logging } *

undo scan detect level { high | low | medium }

Default

Scanning attack detection is disabled.

Views

Attack defense policy view

Predefined user roles

network-admin

Parameters

level: Specifies the level of the scanning attack detection.

low: Specifies the low level. This level provides basic scanning attack detection. It has a low false

alarm rate but many scanning attacks cannot be detected. Statistics are collected every 60 seconds

for the low level detection.

high: Specifies the high level. This level can detect most of the scanning attacks, but has a high false

alarm rate. Some packets from active hosts might be considered as attack packets. Statistics are

collected every 600 seconds for the high level detection.

medium: Specifies the medium level. Compared with the high and low levels, this level has medium

false alarm rate and attack detection accuracy. Statistics are collected every 90 seconds for the

medium level detection.

Other manuals for H3C MSR Series

Manual33 pages

Probe Command Reference28 pages

Configuration Guide80 pages

Troubleshooting Guide28 pages

User Guide26 pages

Questions and Answers:

Need help?

Do you have a question about the H3C MSR Series and is the answer not in the manual?

H3C MSR Series Specifications

General

Category	Network Router
IPv6 Support	Yes
Dimensions	Varies by model
Weight	Varies by model
Product Type	Modular Router
Ports	Varies by model
WAN Interfaces	Varies by model
Firewall	Yes
QoS	Yes
Wireless Support	Varies by model
USB Ports	Varies by model
Console Port	Yes
Power Supply	Varies by model
Redundancy	Varies by model
Operating Temperature	0°C to 45°C
Storage Temperature	-40°C to 70°C
Humidity	5% to 95% non-condensing
Series	MSR
Certifications	CE, FCC, RoHS