HPE FlexNetwork HSR6800 Security Command Reference page 446
Hide thumbs
Also See for FlexNetwork HSR6800:
- Configuration manual (503 pages) ,
- Command reference manual (153 pages) ,
- Product end-of-life disassembly instructions (2 pages)
Table of Contents
Advertisement
SYN Flood attack-defense for specific IP addresses:
IP
192.168.1.1
192.168.2.1
Table 73 Command output
Filed
Policy number
Bound interfaces
Smurf attack-defense
ICMP redirect attack-defense
ICMP unreachable attack-defense
Large ICMP attack-defense
Max-length
TCP flag attack-defense
Tracert attack-defense
Fraggle attack-defense
WinNuke attack-defense
LAND attack-defense
Source route attack-defense
Route record attack-defense
Scan attack-defense
Add to blacklist
Blacklist timeout
Max-rate
Signature-detect action
ICMP flood attack-defense
ICMP flood action
ICMP flood high-rate
ICMP flood low-rate
ICMP flood attack-defense for specific IP
addresses
UDP flood attack-defense
UDP flood action
UDP flood high-rate
High-rate(packets/s)
1000
2000
Description
Sequence number of the attack protection policy.
Interfaces to which the attack protection policy is applied.
Indicates whether Smurf attack protection is enabled.
Indicates whether ICMP redirect attack protection is enabled.
Indicates whether ICMP unreachable attack protection is
enabled.
Indicates whether large ICMP attack protection is enabled.
Maximum length allowed for an ICMP packet.
Indicates whether TCP flag attack protection is enabled.
Indicates whether tracert attack protection is enabled.
Indicates whether Fraggle attack protection is enabled.
Indicates whether WinNuke attack protection is enabled.
Indicates whether Land attack protection is enabled.
Indicates whether Source Route attack protection is enabled.
Indicates whether Route Record attack protection is enabled.
Indicates whether scanning attack protection is enabled.
Indicates whether the blacklist function is enabled for
scanning attack protection.
Aging time of the blacklist entries.
Threshold for the connection establishment rate.
Action to be taken when a single-packet attack is detected. It
can be Drop-packet (dropping subsequent packets) or
Syslog (outputting an alarm log).
Indicates whether ICMP flood attack protection is enabled.
Action to be taken when an ICMP flood attack is detected. It
can be Drop-packet (dropping subsequent packets) or
Syslog (outputting an alarm log).
Global action threshold for ICMP flood attack protection.
Global silence threshold for ICMP flood attack protection.
ICMP flood attack protection settings for specific IP
addresses.
Indicates whether UDP flood attack is enabled.
Action to be taken when a UDP flood attack is detected. It can
be Drop-packet (dropping subsequent packets) or Syslog
(outputting an alarm log).
Global action threshold for UDP flood attack protection.
433
Low-rate(packets/s)
750
1000
Advertisement
Table of Contents
