the aging time, which is configurable. For the configuration of scanning attack protection, see
"Configuring a scanning attack protection policy."
Enabling traffic statistics on an interface
To collect traffic statistics on an interface, enable the traffic statistics function on the interface. The
device supports traffic statistics in the following two modes:
• By direction, inbound or outbound—Collect statistics on packets received on or sent from an
interface.
• By IP address, source IP address or destination IP address—Collect statistics on packets
received on an interface by source IP addresses, or on packets sent from an interface by
destination IP addresses.
To enable traffic statistics on an interface:
Step                                             Command                                                                      Remarks
1. Enter system view.                            system-view                                                                  N/A
2. Enter interface view.                         interface interface-type interface-number                                    N/A
3. Enable traffic statistics on the interface.   flow-statistics enable { destination-ip | inbound | outbound | source-ip }   Disabled by default.
Enabling TCP fragment attack protection
The TCP fragment attack protection feature detects the length and fragment offset of received TCP
fragments and drops attack TCP fragments.
TCP fragment attack protection takes precedence over single-packet attack protection. When both
are used, incoming TCP packets are processed first by TCP fragment attack protection and then by
the single-packet attack protection policy.
To enable TCP fragment attack protection:
Step                                        Command                              Remarks
1. Enter system view.                       system-view                          N/A
2. Enable TCP fragment attack protection.   attack-defense tcp fragment enable   By default, TCP fragment attack prevention is enabled.
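The following Python example is added here for illustration and is not the device's implementation or code from this guide. It applies two length and fragment-offset checks of the kind described above to raw IPv4 packets: a first fragment too short to hold a complete TCP header, and a fragment at offset 1, which would overlap the TCP header. The 20-byte threshold, the function names, and the sample packets are assumptions constructed for the example.

```python
import struct

IPPROTO_TCP = 6
MIN_TCP_HEADER = 20  # assumed threshold: shortest valid TCP header, in bytes


def classify_tcp_fragment(packet: bytes) -> str:
    """Return 'pass' or a 'drop: ...' reason for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop: not a valid IPv4 header"
    ihl = (packet[0] & 0x0F) * 4                      # header length in bytes
    total_len, _ident, flags_frag = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        return "drop: inconsistent IPv4 lengths"
    more_fragments = bool(flags_frag & 0x2000)        # MF flag
    offset = flags_frag & 0x1FFF                      # in 8-byte units
    if packet[9] != IPPROTO_TCP or not (more_fragments or offset):
        return "pass"                                 # not a TCP fragment
    payload_len = total_len - ihl
    if offset == 0 and payload_len < MIN_TCP_HEADER:
        return "drop: tiny first fragment"            # flags/ports may be split off
    if offset == 1:
        return "drop: fragment overlaps TCP header"   # would rewrite bytes 8-15
    return "pass"


def build_ipv4(proto: int, mf: bool, offset: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet in memory (checksum left at zero)."""
    flags_frag = (0x2000 if mf else 0) | offset
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1,
                         flags_frag, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return header + payload


if __name__ == "__main__":
    # Constructed sample packets; documentation addresses, zero-filled payloads.
    samples = {
        "8-byte first fragment": build_ipv4(6, True, 0, bytes(8)),
        "fragment at offset 1": build_ipv4(6, True, 1, bytes(8)),
        "24-byte first fragment": build_ipv4(6, True, 0, bytes(24)),
        "last fragment, offset 3": build_ipv4(6, False, 3, bytes(8)),
        "unfragmented TCP": build_ipv4(6, False, 0, bytes(20)),
    }
    for name, pkt in samples.items():
        print(f"{name}: {classify_tcp_fragment(pkt)}")
```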
Displaying and maintaining attack detection and protection
Task                                                        Command                                                                                                                              Remarks
Display the attack protection statistics of an interface.   display attack-defense statistics interface interface-type interface-number [ | { begin | exclude | include } regular-expression ]   Available in any view.