Table of Contents
Advertisement
Parameters
high: Specifies the high level. None of the currently supported single-packet attacks belongs to this
level.
info: Specifies the informational level. For example, large ICMP packet attack is on this level.
low: Specifies the low level. For example, the traceroute attack is on this level.
medium: Specifies the medium level. For example, the WinNuke attack is on this level.
drop: Drops packets that match the specified level.
logging: Enable logging for single-packet attacks on the specified level.
none: Takes no action.
Usage guidelines
According to their severity, single-packet attacks are divided into four levels: info, low, medium, and
high. Enabling signature detection for a specific level enables signature detection for all
single-packet attacks on that level.
If you enable signature detection for a single-packet attack also by using the signature detect
command, action parameters in the signature detect command take effect.
Examples
# Specify the action against informational-level single-packet attacks as drop in attack defense
policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] signature level info action drop
Related commands
signature detect
signature level detect
signature level detect
Use signature level detect to enable signature detection for single-packet attacks on a specific
level.
Use undo signature level detect to disable signature detection for single-packet attacks on a
specific level.
Syntax
signature level { high | info | low | medium } detect
undo signature level { high | info | low | medium } detect
Default
Signature detection is disabled for all levels of single-packet attacks.
Views
Attack defense policy view
Predefined user roles
network-admin
mdc-admin
588
Advertisement
Table of Contents
