Dns-Flood Action - HP FlexNetwork MSR Series Command Reference Manual
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
Table 140 Command output
Field
Totally
3
addresses
IPv6 address
VPN instance
TTL(sec)
dns-flood action
Use dns-flood action to specify global actions against DNS flood attacks.
Use undo dns-flood action to restore the default.
Syntax
dns-flood action { client-verify | drop | logging } *
undo dns-flood action
Default
No global action is specified for DNS flood attacks.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
client-verify: Adds the victim IP addresses to the protected IP list for DNS client verification. If DNS
client verification is enabled, the device provides proxy services for protected servers.
drop: Drops subsequent DNS packets destined for the victim IP addresses.
logging: Enables logging for DNS flood attack events.
Usage guidelines
For the DNS flood attack detection to collaborate with the DNS client verification, make sure the
client-verify keyword is specified and the DNS client verification is enabled. To enable DNS client
verification, use the client-verify dns enable command.
Examples
# Specify drop as the global action against DNS flood attacks in the attack defense policy
atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] dns-flood action drop
Related commands
dns-flood detect
dns-flood detect non-specific
Description
protected
IPv6
Number of trusted IPv6 addresses.
Trusted IPv6 address.
MPLS L3VPN instance to which the trusted IPv6 address belongs. If the
trusted IPv6 address is on the public network, this field displays hyphens
(--).
Remaining aging time of the trusted IPv6 address, in seconds. If no aging
time is set, this field displays Never.
882
Advertisement
