Table of Contents
Advertisement
Use undo rst-flood threshold to restore the default.
Syntax
rst-flood threshold threshold-value
undo rst-flood threshold
Default
The global threshold is 1000 for triggering RST flood attack prevention.
Views
Attack defense policy view
Predefined user roles
network-admin
mdc-admin
Parameters
threshold-value: Specifies the threshold value. The value range is 1 to 1000000 in units of RST
packets sent to an IP address per second.
Usage guidelines
With global RST flood attack detection configured, the device is in attack detection state. When the
sending rate of RST packets to an IP address reaches the threshold, the device enters prevention
state and takes the specified actions. When the rate is below the silence threshold (three-fourths of
the threshold), the device returns to the attack detection state.
The global threshold applies to global RST flood attack detection. Adjust the threshold according to
the application scenarios. If the number of RST packets sent to a protected server, such as an HTTP
or FTP server, is normally large, set a large threshold. A small threshold might affect the server
services. For a network that is unstable or susceptible to attacks, set a small threshold.
Examples
# Set the global threshold to 100 for triggering RST flood attack prevention in attack defense policy
atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] rst-flood threshold 100
Related commands
rst-flood action
rst-flood detect
rst-flood detect non-specific
scan detect
Use scan detect to configure scanning attack detection.
Use undo scan detect to remove the scanning attack detection configuration.
Syntax
scan detect level { high | low | medium } action { { block-source [ timeout minutes ] | drop } |
logging } *
undo scan detect level { high | low | medium }
582
Advertisement
Table of Contents
