439
[Switch-attack-defense-policy-a1] signature detect tcp-fin-only action logging
[Switch-attack-defense-policy-a1] signature detect tcp-invalid-flags action logging
[Switch-attack-defense-policy-a1] signature detect tcp-null-flag action logging
[Switch-attack-defense-policy-a1] signature detect tcp-syn-fin action logging
# Enable low level scanning attack detection and specify logging as the attack prevention action.
[Router-attack-defense-policy-a1] scan detect level low action logging
# Enable SYN flood attack detection for 192.168.2.1. Set the threshold for triggering SYN flood
attack prevention to 5000 and specify logging and drop as the attack prevention actions.
[Switch-attack-defense-policy-a1] syn-flood detect ip 192.168.2.1 threshold 5000 action
logging drop
# Enable global SYN flood attack detection, set the global threshold for triggering SYN flood attack
prevention to 2000, and specify logging as the global attack prevention action.
[Switch-attack-defense-policy-a1] syn-flood detect non-specific
[Switch-attack-defense-policy-a1] syn-flood threshold 2000
[Switch-attack-defense-policy-a1] syn-flood action logging
[Switch-attack-defense-policy-a1] quit
# Apply the attack defense policy to the device.
[Switch] attack-defense local apply policy a1
Verifying the configuration
# Verify that attack defense policy a1 is correctly configured.
[Switch] display attack-defense policy a1
Attack-defense Policy Information
--------------------------------------------------------------------------
Policy name : a1
Applied list : Local
--------------------------------------------------------------------------
Exempt IPv4 ACL : Not configured
Exempt IPv6 ACL : Not configured
--------------------------------------------------------------------------
Actions: CV-Client verify BS-Block source L-Logging D-Drop N-None
Signature attack defense configuration:
Signature name Defense Level Actions
Fragment Disabled low L
Impossible Disabled medium L,D
Teardrop Disabled medium L,D
Tiny fragment Disabled low L
IP option abnormal Disabled medium L,D
Smurf Enabled medium L,D
Traceroute Disabled low L
Ping of death Disabled medium L,D
Large ICMP Disabled info L
Max length 4000 bytes
Large ICMPv6 Disabled info L
Max length 4000 bytes
TCP invalid flags Disabled medium L
TCP null flag Disabled medium L
To Next Page
Loading...
