Configuring A Flood Attack Defense Policy - HPE FlexNetwork 7500 Series Security Configuration Manual

Configuring a flood attack defense policy

Apply a flood attack defense policy to the interface that is connected to the external network to
protect internal servers.
Flood attack detection monitors the rate at which connections are initiated to the internal servers.
With flood attack detection enabled, the device is in attack detection state. When the packet sending
rate to an IP address reaches the threshold, the device enters prevention state and takes the
specified actions. When the rate is below the silence threshold (three-fourths of the threshold), the
device returns to the attack detection state.
If a device has multiple service cards, the global trigger threshold you set takes effect on each
service card. The global trigger threshold of the device as a whole is therefore the value you set
multiplied by the number of service cards.
You can configure flood attack detection and prevention for a specific IP address. For non-specific IP
addresses, the device uses the global attack prevention settings.
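
The state changes described above can be modeled in a few lines. The following Python sketch is an added example, not HPE code or part of the manual: the class and function names are hypothetical, the sample rates are constructed, and it assumes that "reaches the threshold" means greater than or equal and that rates are sampled in the same unit as the threshold.

```python
from dataclasses import dataclass, field

DETECTION, PREVENTION = "detection", "prevention"


@dataclass
class FloodDetector:
    """Per-destination model of the detection/prevention state change."""
    threshold: int = 1000                      # 1000 is the default given in this manual
    state: dict = field(default_factory=dict)  # destination IP -> current state

    @property
    def silence_threshold(self) -> float:
        # The manual defines the silence threshold as three-fourths of the threshold.
        return self.threshold * 3 / 4

    def observe(self, dst_ip: str, rate: int) -> str:
        """Feed one rate sample for dst_ip and return the resulting state."""
        current = self.state.get(dst_ip, DETECTION)
        if current == DETECTION and rate >= self.threshold:
            current = PREVENTION               # rate reached the trigger threshold
        elif current == PREVENTION and rate < self.silence_threshold:
            current = DETECTION                # rate fell below the silence threshold
        self.state[dst_ip] = current
        return current


def device_wide_threshold(configured: int, service_cards: int) -> int:
    """Global threshold of the whole device: the set value applies per service card."""
    return configured * service_cards


def replay(samples, threshold=1000):
    """Run (dst_ip, rate) samples through one detector; return the state after each."""
    detector = FloodDetector(threshold)
    return [(ip, rate, detector.observe(ip, rate)) for ip, rate in samples]


# Constructed samples (documentation addresses); not captured from a real device.
SAMPLES = [
    ("192.0.2.10", 400), ("192.0.2.10", 1000), ("192.0.2.10", 800),
    ("192.0.2.10", 750), ("192.0.2.10", 749), ("192.0.2.10", 800),
    ("192.0.2.20", 800),
]

if __name__ == "__main__":
    for ip, rate, state in replay(SAMPLES):
        print(f"{ip:12} rate={rate:5} -> {state}")
    print("device-wide threshold with 3 cards:", device_wide_threshold(1000, 3))
```

The same rate of 800 leaves a destination in prevention state if it was already there, but does not trigger prevention from detection state, which is the practical effect of the gap between the two thresholds.
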

Configuring a SYN flood attack defense policy

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter attack defense policy view.
    Command: attack-defense policy policy-name
    Remarks: N/A

Step 3. Enable global SYN flood attack detection.
    Command: syn-flood detect non-specific
    Remarks: By default, global SYN flood attack detection is disabled.

Step 4. Set the global trigger threshold for SYN flood attack prevention.
    Command: syn-flood threshold threshold-value
    Remarks: The default setting is 1000.

Step 5. Specify global actions against SYN flood attacks.
    Command: syn-flood action { drop | logging } *
    Remarks: By default, no global action is specified for SYN flood attacks.

Step 6. Configure IP address-specific SYN flood attack detection.
    Command: syn-flood detect { ip ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] [ threshold threshold-value ] [ action { { drop | logging } * | none } ]
    Remarks: By default, IP address-specific SYN flood attack detection is not configured.

Configuring an ACK flood attack defense policy

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter attack defense policy view.
    Command: attack-defense policy policy-name
    Remarks: N/A

Step 3. Enable global ACK flood attack detection.
    Command: ack-flood detect non-specific
    Remarks: By default, global ACK flood attack detection is disabled.

Step 4. Set the global trigger threshold for ACK flood attack prevention.
    Command: ack-flood threshold threshold-value
    Remarks: The default setting is 1000.

Step 5. Specify global actions against ACK flood attacks.
    Command: ack-flood action { drop | logging } *
    Remarks: By default, no global action is specified for ACK flood attacks.

Step 6. Configure IP address-specific ACK flood attack detection.
    Command: ack-flood detect { ip ipv4-address | ipv6 ipv6-address } [ vpn-instance
    Remarks: By default, IP address-specific ACK flood attack detection is not
