434
Configuring a UDP flood attack defense policy
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter attack defense policy
view.
attack-defense policy
policy-name
N/A
3. Enable global UDP flood
attack detection.
udp-flood
detect
non-specific
By default, global UDP flood attack
detection is disabled.
4. Set the global trigger
threshold for UDP flood
attack prevention.
udp-flood threshold
threshold-value
The default setting is 1000.
5. Specify global actions
against UDP flood attacks.
udp-flood action
{
drop
|
logging
} *
By default, no global action is
specified for UDP flood attacks.
6. Configure IP
address-specific UDP flood
attack detection.
udp-flood
detect
{
ip
ipv4-address
|
ipv6
ipv6-address } [
vpn-instance
vpn-instance-name ] [
threshold
threshold-value ] [
action
{ {
drop
|
logging
} * |
none
} ]
By default, IP address-specific UDP
flood attack detection is not
configured.
Configuring a DNS flood attack defense policy
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter attack defense policy
view.
attack-defense policy
policy-name
N/A
3. Enable global DNS flood
attack detection.
dns-flood detect non-specific
By default, global DNS flood attack
detection is disabled.
4. Set the global trigger
threshold for DNS flood
attack prevention.
dns-flood threshold
threshold-value
The default setting is 1000.
5. (Optional.) Specify the
global ports to be protected
against DNS flood attacks.
dns-flood port
port-list
By default, DNS flood attack
prevention protects port 53.
6. Specify global actions
against DNS flood attacks.
dns-flood action
{
drop
|
logging
} *
By default, no global action is
specified for DNS flood attacks.
7. Configure IP
address-specific DNS flood
attack detection.
dns-flood
detect
{
ip
ipv4-address
|
ipv6
ipv6-address } [
vpn-instance
vpn-instance-name ] [
port
port-list ] [
threshold
threshold-value ] [
action
{ {
drop
|
logging
} * |
none
} ]
By default, IP address-specific DNS
flood attack detection is not
configured.
Configuring an HTTP flood attack defense policy
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter attack defense policy
view.
attack-defense policy
policy-name
N/A
3. Enable global HTTP flood
attack detection.
http-flood detect non-specific
By default, global HTTP flood attack
detection is disabled.
To Next Page
Loading...
Need help?
General