Table of Contents
Advertisement
Default
The global threshold is 1000 for triggering ICMPv6 flood attack prevention.
Views
Attack defense policy view
Predefined user roles
network-admin
mdc-admin
Parameters
threshold-value: Specifies the threshold value. The value range is 1 to 1000000 in units of ICMPv6
packets sent to an IP address per second.
Usage guidelines
With global ICMPv6 flood attack detection configured, the device is in attack detection state. When
the sending rate of ICMPv6 packets to an IPv6 address reaches the threshold, the device enters
prevention state and takes the specified actions. When the rate is below the silence threshold
(three-fourths of the threshold), the device returns to the attack detection state.
The global threshold applies to global ICMPv6 flood attack detection. Adjust the threshold according
to the application scenarios. If the number of ICMPv6 packets sent to a protected server, such as an
HTTP or FTP server, is normally large, set a large threshold. A small threshold might affect the server
services. For a network that is unstable or susceptible to attacks, set a small threshold.
Examples
# Set the global threshold to 100 for triggering ICMPv6 flood attack prevention in attack defense
policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] icmpv6-flood threshold 100
Related commands
icmpv6-flood action
icmpv6-flood detect ipv6
icmpv6-flood detect non-specific
reset attack-defense policy flood
Use reset attack-defense policy flood statistics to clear flood attack detection and prevention
statistics for protected IP addresses.
Syntax
reset attack-defense policy policy-name flood protected { ip | ipv6 } statistics
Views
User view
Predefined user roles
network-admin
mdc-admin
576
Advertisement
Table of Contents
