EasyManua.ls Logo

H3C MSR Series

H3C MSR Series
1187 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
1082
undo syn-ack-flood detect { ip ipv4-address | ipv6 ipv6-address } [ vpn-instance
vpn-instance-name ]
Default
IP address-specific SYN-ACK flood attack detection is not configured.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
ip ipv4-address: Specifies the IPv4 address to be protected. The ipv4-address argument cannot be
255.255.255.255 or 0.0.0.0.
ipv6 ipv6-address: Specifies the IPv6 address to be protected.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the protected IP
address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters.
Do not specify this option if the protected IP address is on the public network.
threshold threshold-value: Specifies the threshold for triggering SYN-ACK flood attack prevention.
The value range is 1 to 1000000 in units of SYN-ACK packets sent to the specified IP address per
second.
action: Specifies the actions when a SYN-ACK flood attack is detected. If no action is specified, the
global actions set by the syn-ack-flood action command apply.
client-verify: Adds the victim IP addresses to the protected IP list for TCP client verification. If TCP
client verification is enabled, the device provides proxy services for protected servers.
drop: Drops subsequent SYN-ACK packets destined for the protected IP address.
logging: Enables logging for SYN-ACK flood attack events.
none: Takes no action.
Usage guidelines
With SYN-ACK flood attack detection configured for an IP address, the device is in attack detection
state. When the sending rate of SYN-ACK packets to the IP address reaches the threshold, the
device enters prevention state and takes the specified actions. When the rate is below the silence
threshold (three-fourths of the threshold), the device returns to the attack detection state.
Examples
# Configure SYN-ACK flood attack detection for 192.168.1.2 in the attack defense policy
atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] syn-ack-flood detect ip 192.168.1.2
threshold 2000
Related commands
syn-ack-flood action
syn-ack-flood detect non-specific
syn-ack-flood threshold

Table of Contents

Other manuals for H3C MSR Series

Preview: Manual
Manual33 pages
Preview: Probe Command Reference
Probe Command Reference28 pages
Preview: Configuration Guide
Configuration Guide80 pages
Preview: Troubleshooting Guide
Troubleshooting Guide28 pages
Preview: User Guide
User Guide26 pages

Related product manuals