639
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] rst-flood action drop
Related commands
• client-verify tcp enable
• rst-flood detect
• rst-flood detect non-specific
• rst-flood threshold
rst-flood detect
Use rst-flood detect to configure IP-specific RST flood attack detection.
Use undo rst-flood detect to remove the RST flood attack detection configuration for an IP address.
Syntax
rst-flood detect { ip ip-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] [ threshold
threshold-value ] [ action { client-verify | drop | logging } * ]
undo rst-flood detect { ip ip-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ]
Default
RST flood attack detection is not configured for any IP address.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
ip ip-address: Specifies the IPv4 address to be protected. The ip-address argument cannot be all 1s or 0s.
ipv6 ipv6-address: Specifies the IPv6 address to be protected. The ipv6-address argument cannot be a
multicast address or all 0s.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the protected IP address
belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Do not specify
this option if the protected IP address is on the public network.
threshold threshold-value: Sets the threshold for triggering RST flood attack prevention. The value range
is 1 to 1000000 in units of RST packets sent to the specified IP address per second.
action: Specifies the actions when an RST flood attack is detected. If no action is specified, the global
actions set by the rst-flood action command apply.
client-verify: Adds the victim IP addresses to the protected IP list for TCP client verification. If TCP client
verification is enabled, the device provides proxy services for protected servers.
drop: Drops subsequent RST packets destined for the protected IP address.
logging: Enables logging for RST flood attack events. The log information records the detection interface,
victim IP address, MPLS L3VPN instance name, current packet statistics, prevention action, and start time
of the attack.
To Next Page
Loading...
Need help?
General
