555
Attack detection and prevention commands
In this chapter, "MSR1000" refers to MSR1002-4. "MSR2000" refers to MSR2003, MSR2004-24,
MSR2004-48. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064.
"MSR4000" collectively refers to MSR4060 and MSR4080.
ack-flood action
Use ack-flood action to specify global actions against ACK flood attacks.
Use undo ack-flood action to restore the default.
Syntax
ack-flood action { client-verify | drop | logging } *
undo ack-flood action
Default
No action is taken against detected ACK flood attacks.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
client-verify: Adds the victim IP addresses to the protected IP list for TCP client verification. If TCP client
verification is enabled, the device provides proxy services for protected servers.
drop: Drops subsequent ACK packets destined for the victim IP addresses.
logging: Enables logging for ACK flood attack events. The log information records the detection interface,
victim IP address, MPLS L3VPN instance name, current packet statistics, prevention actions, and start time
of the attack.
Usage guidelines
To configure the ACK flood attack detection to collaborate with the TCP client verification, make sure the
client-verify keyword is specified and the TCP client verification is enabled. To enable TCP client
verification, use the client-verify tcp enable command.
Examples
# Specify drop as the global action against ACK flood attacks in attack defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] ack-flood action drop
Related commands
• ack-flood threshold
• ack-flood detect
To Next Page
Loading...
Need help?
General
