Rst-Flood Detect Non-Specific - HP MSR Series Command Reference Manual

Usage guidelines
You can configure RST flood attack detection for multiple IP addresses in one attack defense policy.
With RST flood attack detection configured, the device is in attack detection state. An attack occurs when
the device detects that the sending rate of RST packets to a protected IP address reaches or exceeds the
threshold. The device enters prevention state and takes actions to protect the target IP address. When the
rate is below the silence threshold (three-fourths of the threshold), the device considers that the threat is
over and returns to the attack detection state.
Examples
# Configure RST flood attack detection for 192.168.1.2 in attack defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] rst-flood detect ip 192.168.1.2 threshold
2000
Related commands
• rst-flood action

rst-flood detect non-specific

•
rst-flood threshold
•
rst-flood detect non-specific
Use rst-flood detect non-specific to enable RST flood attack detection for non-specific IP addresses.
Use undo rst-flood detect non-specific to restore the default.
Syntax
rst-flood detect non-specific
undo rst-flood detect non-specific
Default
RST flood attack detection is not enabled for non-specific IP addresses.
Views
Attack defense policy view
Predefined user roles
network-admin
Usage guidelines
This command enables global RST flood attack detection. It applies to all IP addresses except for those
specified by the rst-flood detect command. The system uses the global trigger threshold set by the
rst-flood threshold command and global actions specified by the rst-flood action command.
Examples
# Enable RST flood attack detection for non-specific IP addresses in attack defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] rst-flood detect non-specific
640