HP 6600 Security Configuration Manual page 500

Step 7. Enable the blacklist function.
Command: blacklist enable
Remarks: Required to make the blacklist entries added by the scanning attack protection function take effect. By default, the blacklist function is disabled.

Configuring a flood attack protection policy

The flood attack protection function protects servers. It detects flood attacks by monitoring the rate at which connection requests are sent to a server. The function is usually applied to the interfaces connecting to the internal network and inspects only the outbound packets of those interfaces.

With flood attack protection enabled, the device is in the attack detection state. When the device detects that the rate of connection requests sent to a server constantly reaches or exceeds the configured action threshold, it considers the server under attack and enters the attack protection state. In that state it takes the protection action you have configured: dropping the subsequent connection request packets, or handing the connections to the TCP proxy. By default no action is configured, so the device detects the attack but does not process the attack packets. When the device detects that the rate of packets sent to the server drops below the silence threshold, it considers the attack over, returns to the attack detection state, and stops taking the protection action.

You can configure attack protection thresholds for specific IP addresses. For IP addresses without specific settings, the device uses the global attack protection thresholds.

To configure a SYN flood attack protection policy:

Step 1. Enter system view.
Command: system-view
Remarks: N/A

Step 2. Enter attack protection policy view.
Command: attack-defense policy policy-number
Remarks: N/A

Step 3. Enable SYN flood attack protection.
Command: defense syn-flood enable
Remarks: Disabled by default.

Step 4. Configure the global action and silence thresholds for SYN flood attack protection.
Command: defense syn-flood rate-threshold high rate-number [ low rate-number ]
Remarks: Optional. By default, the action threshold is 1000 packets per second and the silence threshold is 750 packets per second.

Step 5. Configure the action and silence thresholds for SYN flood attack protection of a specific IP address.
Command: defense syn-flood ip ip-address rate-threshold high rate-number [ low rate-number ]
Remarks: Optional. Not configured by default.

Step 6. Configure the device to drop SYN flood attack packets or use the TCP proxy.
Command: defense syn-flood action { drop-packet | trigger-tcp-proxy }
Remarks: Optional. By default, the device does not process the attack packets if it detects an attack.

To configure an ICMP flood attack protection policy:
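The six SYN flood steps above assembled into one CLI session. This is an added example, not text from the manual: the device name, the policy number 1, the protected server address 10.1.1.10 and the threshold values are assumptions chosen for illustration, and lines beginning with # are annotations rather than commands. The session first shows the default state (protection enabled but no action, so the device only detects the attack) and then the corrected configuration that actually drops the packets.

```text
# Default-action configuration: the device detects a SYN flood but does not
# process the attack packets, because step 6 was never configured.
<Device> system-view
[Device] attack-defense policy 1
[Device-attack-defense-policy-1] defense syn-flood enable
[Device-attack-defense-policy-1] quit

# Corrected configuration: explicit thresholds and a drop action.
# Global action threshold 2000 pps, silence threshold 1500 pps. The silence
# threshold must stay below the action threshold (as the 1000/750 defaults
# do); the gap is what stops the device from flapping between states.
[Device] attack-defense policy 1
[Device-attack-defense-policy-1] defense syn-flood rate-threshold high 2000 low 1500
# A busier server gets its own, higher pair so normal peaks do not trigger
# protection; every other address still uses the global pair above.
[Device-attack-defense-policy-1] defense syn-flood ip 10.1.1.10 rate-threshold high 5000 low 4000
# Without this line nothing is dropped once an attack is declared.
[Device-attack-defense-policy-1] defense syn-flood action drop-packet
[Device-attack-defense-policy-1] quit

# Blacklist support, from step 7 of the scanning attack protection procedure,
# is a separate system-view command and is not required for SYN flood protection.
[Device] blacklist enable
```

Choose drop-packet when the protected server cannot complete handshakes during the flood, and trigger-tcp-proxy when legitimate clients must still get through and the device has the capacity to complete the handshake on the server's behalf. The policy must still be applied to the interface that faces the internal network, as the introduction above describes; that step is not part of this page.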