558
ack-flood threshold
Use ack-flood threshold to set the global threshold for triggering ACK flood attack prevention.
Use undo ack-flood threshold to restore the default.
Syntax
ack-flood threshold threshold-value
undo ack-flood threshold
Default
The global threshold is 1000 for triggering ACK flood attack prevention.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
threshold-value: Specifies the threshold for triggering ACK flood attack prevention. The value range is 1
to 1000000 in units of ACK packets sent to an IP address per second.
Usage guidelines
The device applies the global threshold to ACK flood attack detection for non-specific IP addresses.
Adjust the threshold according to the application scenarios. If the number of ACK packets to a protected
server, such as an HTTP or FTP server, is normally large, set a large threshold. A small threshold might
affect the server services. For a network that is unstable or susceptible to attacks, set a small threshold.
Examples
# Set the global threshold to 100 for triggering ACK flood attack prevention in attack defense policy
atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] ack-flood threshold 100
Related commands
• ack-flood action
• ack-flood detect
• ack-flood detect non-specific
attack-defense apply policy
Use attack-defense apply policy to apply an attack defense policy to an interface.
Use undo attack-defense apply policy to remove the attack defense policy application.
Syntax
attack-defense apply policy policy-name
undo attack-defense apply policy
To Next Page
Loading...
