Download Print this page

Rst-Flood Detect Non-Specific - HP FlexNetwork MSR Series Command Reference Manual

Comware 7 security
Hide thumbs Also See for FlexNetwork MSR Series:

Advertisement

Predefined user roles
network-admin
Parameters
ip ipv4-address: Specifies the IPv4 address to be protected. The ipv4-address argument cannot be
255.255.255.255 or 0.0.0.0.
ipv6 ipv6-address: Specifies the IPv6 address to be protected.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the protected IP
address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters.
Do not specify this option if the protected IP address is on the public network.
threshold threshold-value: Specifies the threshold for triggering RST flood attack prevention. The
value range is 1 to 1000000 in units of RST packets sent to the specified IP address per second.
action: Specifies the actions when an RST flood attack is detected. If no action is specified, the
global actions set by the rst-flood action command apply.
client-verify: Adds the victim IP addresses to the protected IP list for TCP client verification. If TCP
client verification is enabled, the device provides proxy services for protected servers.
drop: Drops subsequent RST packets destined for the protected IP address.
logging: Enables logging for RST flood attack events.
none: Takes no action.
Usage guidelines
With RST flood attack detection configured for an IP address, the device is in attack detection state.
When the sending rate of RST packets to the IP address reaches the threshold, the device enters
prevention state and takes the specified actions. When the rate is below the silence threshold
(three-fourths of the threshold), the device considers returns to the attack detection state.
Examples
# Configure RST flood attack detection for 192.168.1.2 in the attack defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] rst-flood detect ip 192.168.1.2 threshold
2000
Related commands
rst-flood action

rst-flood detect non-specific

rst-flood threshold
rst-flood detect non-specific
Use rst-flood detect non-specific to enable global RST flood attack detection.
Use undo rst-flood detect non-specific to disable global RST flood attack detection.
Syntax
rst-flood detect non-specific
undo rst-flood detect non-specific
Default
Global RST flood attack detection is disabled.
907

Advertisement

loading