Icmpv6-Flood Threshold - H3C MSR Series Command Reference Manual

Comware 7 security

Hide thumbs Also See for MSR Series:

Table of Contents

Global ICMPv6 flood attack detection is disabled.

Attack defense policy view

Predefined user roles

network-admin

Usage guidelines

The global ICMPv6 flood attack detection applies to all IPv6 addresses except for those specified by

the icmpv6-flood detect ipv6 command. The global detection uses the global trigger threshold set

by the icmpv6-flood threshold command and global actions specified by the icmpv6-flood action

# Enable global ICMPv6 flood attack detection in the attack defense policy atk-policy-1.

<Sysname> system-view

[Sysname] attack-defense policy atk-policy-1

[Sysname-attack-defense-policy-atk-policy-1] icmpv6-flood detect non-specific

Related commands

icmpv6-flood action

icmpv6-flood detect ipv6

icmpv6-flood threshold

Use icmpv6-flood threshold to set the global threshold for triggering ICMPv6 flood attack

Use undo icmpv6-flood threshold to restore the default.

icmpv6-flood threshold threshold-value

undo icmpv6-flood threshold

The global threshold is 1000 for triggering ICMPv6 flood attack prevention.

Attack defense policy view

Predefined user roles

network-admin

threshold-value: Specifies the threshold value. The value range is 1 to 1000000 in units of ICMPv6

packets sent to an IP address per second.

Usage guidelines

The global threshold applies to global ICMPv6 flood attack detection. Adjust the threshold according

to the application scenarios. If the number of ICMPv6 packets sent to a protected server, such as an

HTTP or FTP server, is normally large, set a large threshold. A small threshold might affect the server

services. For a network that is unstable or susceptible to attacks, set a small threshold.