Task: Display the configuration information about one or all attack protection policies.
Command: display attack-defense policy [ policy-number ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Display information about blacklist entries.
Command: display blacklist { all | ip source-ip-address [ slot slot-number ] | slot slot-number } [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Display the traffic statistics of an interface.
Command: display flow-statistics statistics interface interface-type interface-number { inbound | outbound } [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Display the interface traffic statistics based on IP addresses.
Command: display flow-statistics statistics [ slot slot-number ] { destination-ip dest-ip-address | source-ip src-ip-address } [ vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Display information about the IP addresses protected by the TCP proxy function.
Command: display tcp-proxy protected-ip [ slot slot-number ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Clear attack protection statistics about an interface.
Command: reset attack-defense statistics interface interface-type interface-number
Remarks: Available in user view.

Attack detection and protection configuration examples

Attack protection functions on interfaces configuration example

Network requirements

As shown in Figure 240, GigabitEthernet 3/0/1 is connected with the internal network, GigabitEthernet 3/0/2 is connected to the external network, and GigabitEthernet 3/0/3 is connected with an internal server.

Protect internal hosts against Smurf attacks and scanning attacks from the external network. Protect the internal server against SYN flood attacks from the external network. To meet the requirements, perform the following configurations:

• On GigabitEthernet 3/0/2, configure Smurf attack protection and scanning attack protection, enable the blacklist function for scanning attack protection, and set the connection rate threshold that triggers the scanning attack protection to 4500 connections per second.

• On GigabitEthernet 3/0/3, configure SYN flood attack protection, so that the device drops subsequent SYN packets when the SYN packet sending rate to a server constantly reaches or exceeds 5000 packets per second, and permits SYN packets to be sent to the server again when this rate drops below 1000 packets per second.
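The high/low threshold behavior required for SYN flood protection on GigabitEthernet 3/0/3, as a simplified Python model added here for illustration; it is not the device's implementation or code from this guide. The per-second sampling, the class and function names, and the server addresses (documentation range) are assumptions.

```python
"""Simplified model of high/low threshold SYN flood protection (added example)."""
from dataclasses import dataclass, field

HIGH_PPS = 5000  # from the example: start dropping at or above this SYN rate
LOW_PPS = 1000   # from the example: permit again once the rate is below this


@dataclass
class SynFloodGuard:
    """Tracks, per protected server, whether SYN packets are being dropped."""
    high: int = HIGH_PPS
    low: int = LOW_PPS
    protecting: dict = field(default_factory=dict)  # server IP -> bool

    def observe(self, server_ip: str, syn_pps: int) -> str:
        """Feed one per-second SYN rate sample (assumed sampling interval).

        Returns the action applied to subsequent SYN packets for that server.
        """
        active = self.protecting.get(server_ip, False)
        if not active and syn_pps >= self.high:
            active = True    # rate reached or exceeded the trigger threshold
        elif active and syn_pps < self.low:
            active = False   # rate dropped below the recovery threshold
        # Between low and high the previous state is kept (hysteresis).
        self.protecting[server_ip] = active
        return "drop" if active else "permit"


def replay(samples):
    """Run (server_ip, syn_pps) samples through a fresh guard."""
    guard = SynFloodGuard()
    return [guard.observe(ip, pps) for ip, pps in samples]


# Constructed sample data: one server, one rate sample per second.
SERVER = "192.0.2.10"
SAMPLES = [(SERVER, pps) for pps in (800, 3000, 5000, 3000, 1000, 999, 3000)]

if __name__ == "__main__":
    for (ip, pps), action in zip(SAMPLES, replay(SAMPLES)):
        print(f"{ip} {pps:>5} SYN/s -> {action}")
```

The same 3000 packets per second sample is permitted before the 5000 threshold is reached and dropped afterwards, until the rate falls below 1000.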