1079
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] signature detect smurf action drop
Related commands
signature level action
signature level action
Use signature level action to specify the actions against single-packet attacks on a specific level.
Use undo signature level action to restore the default.
Syntax
signature level { high | info | low | medium } action { { drop | logging } * | none }
undo signature level { high | info | low | medium } action
Default
For informational-level and low-level single-packet attacks, the action is logging.
For medium-level and high-level single-packet attacks, the actions are logging and drop.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
high: Specifies the high level. None of the currently supported single-packet attacks belongs to this
level.
info: Specifies the informational level. For example, large ICMP packet attack is on this level.
low: Specifies the low level. For example, the traceroute attack is on this level.
medium: Specifies the medium level. For example, the WinNuke attack is on this level.
drop: Drops packets that match the specified level.
logging: Enable logging for single-packet attacks on the specified level.
none: Takes no action.
Usage guidelines
According to their severity, single-packet attacks are divided into four levels: info, low, medium, and
high. Enabling signature detection for a specific level enables signature detection for all
single-packet attacks on the level.
If you enable signature detection for a single-packet attack also by using the signature detect
command, action parameters in the signature detect command take effect.
Examples
# Specify the action against informational-level single-packet attacks as drop in the attack defense
policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] signature level info action drop
Related commands
signature detect
To Next Page
Loading...
Need help?
General
