EasyManuals Logo
Home>HPE>Network Router>FlexNetwork MSR Series

HPE FlexNetwork MSR Series Comware 5 Security Configuration Guide

HPE FlexNetwork MSR Series
547 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #435 background imageLoading...
Page #435 background image
422
Task Command Remarks
Display configuration information
about one or all attack protection
policies.
display attack-defense policy
[
policy-number ] [
|
{
begin
|
exclude
|
include
} regular-expression ]
Available in any view.
Display information about
blacklist entries.
display blacklist
{
all
|
ip
sour-address } [
|
{
begin
|
exclude
|
include
}
regular-expression ]
Available in any view.
Display the traffic statistics of an
interface.
display flow-statistics statistics interface
interface-type interface-number {
inbound
|
outbound
} [
|
{
begin
|
exclude
|
include
}
regular-expression ]
Available in any view.
Display the interface traffic
statistics based on IP addresses.
display flow-statistics statistics
{
destination-ip
dest-ip-address |
source-ip
src-ip-address } [
vpn-instance
vpn-instance-name ] [
|
{
begin
|
exclude
|
include
} regular-expression ]
Available in any view.
Clear attack protection statistics
information about an interface.
reset attack-defense statistics interface
interface-type interface-number
Available in user view.
Attack detection and protection configuration
examples
Attack protection functions on interfaces configuration
example
Network requirements
As shown in Figure 141, GigabitEthernet 1/1 is connected with the internal network, GigabitEthernet
1/2 is connected to the external network, and GigabitEthernet 1/3 is connected with an internal
server.
Protect internal hosts against Smurf attacks and scanning attacks from the external network. Protect
the internal server against SYN flood attacks from the external network. To meet the requirements,
perform the following configurations:
• On GigabitEthernet 1/2, configure Smurf attack protection and scanning attack protection,
enable the blacklist function for scanning attack protection, and set the connection rate
threshold that triggers the scanning attack protection to 4500 connections per second.
• On GigabitEthernet 1/3, configure SYN flood attack protection, so that the device drops
subsequent SYN packets when the SYN packet sending rate to a server constantly reaches or
exceeds 5000 packets per second, and permits SYN packets to be sent to the server again
when this rate drops below 1000 packets per second.

Table of Contents

Other manuals for HPE FlexNetwork MSR Series

Preview: Configuration Guide
Configuration Guide861 pages
Preview: Comware 7 Layer 3 - Ip Services Configuration Guides
Comware 7 Layer 3 - Ip Services Configuration Guides554 pages
Preview: Guide
Guide213 pages
Preview: Command Reference
Command Reference120 pages
Preview: Comware 5 Layer 2 - Wan Access Configuration Guide
Comware 5 Layer 2 - Wan Access Configuration Guide420 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork MSR Series and is the answer not in the manual?

HPE FlexNetwork MSR Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork MSR Series
CategoryNetwork Router
LanguageEnglish

Related product manuals