628
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IPv4 address to be protected. The ip-address argument cannot be all 1s or 0s.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the protected IP address
belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Do not specify
this option if the protected IP address is on the public network.
threshold threshold-value: Sets the threshold for triggering ICMP flood attack prevention. The value range
is 1 to 1000000 in units of ICMP packets sent to the specified IP address per second.
action: Specifies the actions when an ICMP flood attack is detected. If no action is specified, the global
actions set by the icmp-flood action command apply.
drop: Drops subsequent ICMP packets destined for the protected IP address.
logging: Enables logging for ICMP flood attack events. The log records the detection interface, victim IP
address, MPLS L3VPN instance name, current packet statistics, prevention action, and start time of the
attack.
Usage guidelines
You can configure ICMP flood attack detection for multiple IP addresses in one attack defense policy.
With ICMP flood attack detection configured, the device is in attack detection state. An attack occurs
when the device detects that the sending rate of ICMP packets to a protected IP address reaches or
exceeds the threshold. The device enters prevention state and takes actions to protect the target IP
address. When the rate is below the silence threshold (three-fourths of the threshold), the device
considers that the threat is over and returns to the attack detection state.
Examples
# Configure ICMP flood attack detection for 192.168.1.2 in attack defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] icmp-flood detect ip 192.168.1.2 threshold
2000
Related commands
• icmp-flood action
• icmp-flood detect non-specific
• icmp-flood threshold
icmp-flood detect non-specific
Use icmp-flood detect non-specific to enable ICMP flood attack detection for non-specific IPv4
addresses.
Use undo icmp-flood detect non-specific to restore the default.
Syntax
icmp-flood detect non-specific
To Next Page
Loading...
Need help?
General
