652
Syntax
syn-ack-flood threshold threshold-value
undo syn-ack-flood threshold
Default
The global threshold is 1000 for triggering SYN-ACK flood attack prevention.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
threshold-value: Specifies the threshold for triggering SYN-ACK flood attack prevention. The value range
is 1 to 1000000 in units of SYN-ACK packets sent to an IP address per second.
Usage guidelines
The global threshold applies to SYN-ACK flood attack detection for non-specific IP addresses.
Adjust the threshold according to the application scenarios. If the number of SYN-ACK packets to a
protected server, such as an HTTP or FTP server, is normally large, set a large threshold. A small threshold
might affect the server services. For a network that is unstable or susceptible to attacks, set a small
threshold.
Examples
# Set the global threshold to 100 for triggering SYN-ACK flood attack prevention in attack defense policy
atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] syn-ack-flood threshold 100
Related commands
• syn-ack-flood action
• syn-ack-flood detect
• syn-ack-flood detect non-specific
syn-flood action
Use syn-flood action to specify global actions against SYN flood attacks.
Use undo syn-flood action to restore the default.
Syntax
syn-flood action { client-verify | drop | logging } *
undo syn-flood action
Default
No action is taken against detected SYN flood attacks.
Views
Attack defense policy view
To Next Page
Loading...
