Parameters
dns: Specifies the DNS client verification function.
http: Specifies the HTTP client verification function.
tcp: Specifies the TCP client verification function.
ip: Specifies the trusted IPv4 list.
ipv6: Specifies the trusted IPv6 list.
Examples
# Clear the trusted IPv4 list for DNS client verification.
<Sysname> reset client-verify dns trusted ip
Related commands
• display client-verify trusted ip
• display client-verify trusted ipv6
rst-flood action
Use rst-flood action to specify global actions against RST flood attacks.
Use undo rst-flood action to restore the default.
Syntax
rst-flood action { client-verify | drop | logging } *
undo rst-flood action
Default
No action is taken against detected RST flood attacks.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
client-verify: Adds the victim IP addresses to the protected IP list for TCP client verification. If TCP client
verification is enabled, the device provides proxy services for protected servers.
drop: Drops subsequent RST packets destined for the victim IP addresses.
logging: Enables logging for RST flood attack events. The log information records the detection interface,
victim IP address, MPLS L3VPN instance name, current packet statistics, prevention actions, and start time
of the attack.
Usage guidelines
For RST flood attack detection to work together with TCP client verification, make sure the
client-verify keyword is specified and TCP client verification is enabled. To enable TCP client
verification, use the client-verify tcp enable command.
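The dependency described above can be checked offline against a saved configuration. The following Python audit is an added example, not part of this command reference: it validates the keywords on each rst-flood action line against the Syntax line and reports a client-verify action that has no client-verify tcp enable anywhere in the file. The sample configuration is constructed, and treating any occurrence of client-verify tcp enable as sufficient is an assumption.

```python
ACTIONS = {"client-verify", "drop", "logging"}  # keywords from the Syntax line

# Constructed sample of a saved configuration; not taken from the manual.
SAMPLE_CONFIG = """\
attack-defense policy atk-policy-1
 rst-flood action logging client-verify
attack-defense policy atk-policy-2
 rst-flood action drop reset
"""


def audit(config):
    """Return (section, finding) pairs for every rst-flood action line."""
    findings, needs_verify = [], []
    section, tcp_verify_enabled = "(top level)", False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace():
            section = line  # an unindented line opens a new view
        if line.startswith("client-verify tcp enable"):
            tcp_verify_enabled = True  # assumption: any occurrence counts
        if not line.startswith("rst-flood action"):
            continue
        keywords = line.split()[2:]
        unknown = sorted(set(keywords) - ACTIONS)
        if not keywords:
            findings.append((section, "no action keyword given"))
        if unknown:
            findings.append((section, "unknown keyword(s): " + ", ".join(unknown)))
        if len(keywords) != len(set(keywords)):
            findings.append((section, "duplicate action keyword"))
        if "client-verify" in keywords:
            needs_verify.append(section)
    if not tcp_verify_enabled:
        for sec in needs_verify:
            findings.append(
                (sec, "client-verify action set, but 'client-verify tcp enable' not found"))
    return findings


if __name__ == "__main__":
    for sec, msg in audit(SAMPLE_CONFIG):
        print(f"{sec}: {msg}")
```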
Examples
# Specify drop as the global action against RST flood attacks in attack defense policy atk-policy-1.