431
Step Command Remarks
logging
} *
Configuring a flood attack defense policy
Flood attack detection monitors the rate at which connections are initiated to the device.
With flood attack detection enabled, the device is in attack detection state. When the packet sending
rate to an IP address reaches the threshold, the device enters prevention state and takes the
specified actions. When the rate is below the silence threshold (three-fourths of the threshold), the
device returns to the attack detection state.
You can configure flood attack detection and prevention for a specific IP address. For non-specific IP
addresses, the device uses the global attack prevention settings.
Configuring a SYN flood attack defense policy
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter attack defense policy
view.
attack-defense policy
policy-name
N/A
3. Enable global SYN flood
attack detection.
syn-flood detect non-specific
By default, global SYN flood attack
detection is disabled.
4. Set the global trigger
threshold for SYN flood
attack prevention.
syn-flood threshold
threshold-value
The default setting is 1000.
5. Specify global actions
against SYN flood attacks.
syn-flood action
{
drop
|
logging
} *
By default, no global action is
specified for SYN flood attacks.
6. Configure IP
address-specific SYN flood
attack detection.
syn-flood
detect
{
ip
ipv4-address
|
ipv6
ipv6-address } [
vpn-instance
vpn-instance-name ] [
threshold
threshold-value ] [
action
{ {
drop
|
logging
} * |
none
} ]
By default, IP address-specific SYN
flood attack detection is not
configured.
Configuring an ACK flood attack defense policy
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter attack defense policy
view.
attack-defense policy
policy-name
N/A
3. Enable global ACK flood
attack detection.
ack-flood detect non-specific
By default, global ACK flood attack
detection is disabled.
4. Set the global trigger
threshold for ACK flood
attack prevention.
ack-flood threshold
threshold-value
The default setting is 1000.
5. Specify global actions
against ACK flood attacks.
ack-flood action
{
drop
|
logging
} *
By default, no global action is
specified for ACK flood attacks.
6. Configure IP
address-specific ACK flood
attack detection.
ack-flood
detect
{
ip
ipv4-address
|
ipv6
ipv6-address } [
vpn-instance
vpn-instance-name ] [
threshold
threshold-value ] [
action
{ {
drop
By default, IP address-specific ACK
flood attack detection is not
configured.
To Next Page
Loading...
Need help?
General