Signature-Detect Large-Icmp Max-Length; Tcp-Proxy Enable - HPE FlexNetwork HSR6800 Security Command Reference

signature-detect large-icmp max-length

Use signature-detect large-icmp max-length to specify the ICMP packet length threshold that
triggers large ICMP attack protection.
Use undo signature-detect large-icmp max-length to restore the default.
Syntax
signature-detect large-icmp max-length length
undo signature-detect large-icmp max-length
Default
An ICMP packet length of 4000 bytes triggers large ICMP attack protection.
Views
Attack protection policy view
Default command level
2: System level
Parameters
length: Maximum length of an ICMP packet, in the range of 28 to 65534 bytes.
Usage guidelines
With signature detection of large ICMP attack enabled, a device considers all ICMP packets longer
than the specified maximum length as large ICMP attack packets.
This command is effective only when signature detection of large ICMP attack is enabled.
Examples
# Enable signature detection of large ICMP attack, set the ICMP packet length threshold that triggers
large ICMP attack protection to 5000 bytes, and configure the device to drop ICMP packets longer
than the specified maximum length.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] signature-detect large-icmp enable
[Sysname-attack-defense-policy-1] signature-detect large-icmp max-length 5000
[Sysname-attack-defense-policy-1] signature-detect action drop-packet
Related commands
•
display attack-defense policy
•
signature-detect large-icmp enable

tcp-proxy enable

Use tcp-proxy enable to enable the TCP proxy function on an interface.
Use undo tcp-proxy enable to disable this function.
Syntax
tcp-proxy enable
undo tcp-proxy enable
Default
The TCP proxy function is disabled on an interface.
445