Signature { Large-Icmp | Large-Icmpv6 } Max-Length - H3C MSR Series Command Reference Manual
Comware 7 security
Hide thumbs
Also See for MSR Series:
- Command reference manual (174 pages) ,
- Configuration manual (80 pages) ,
- Manual (33 pages)
Table of Contents
Advertisement
action: Specifies the actions against scanning attacks.
block-source: Adds the attackers' IP addresses to the IP blacklist. If the blacklist feature is enabled
on the receiving interface, the device drops subsequent packets from the blacklisted IP addresses.
timeout minutes: Specifies the aging timer in minutes for the dynamically added blacklist entries, in
the range of 1 to 1000. The default aging timer is 10 minutes.
drop: Drops subsequent packets from detected scanning attack sources.
logging: Enables logging for scanning attack events.
Usage guidelines
To collaborate with the IP blacklist feature, make sure the blacklist feature is enabled on the interface
to which the attack defense policy is applied.
The aging timer set by the timeout minutes option must be longer than the statistics collection
interval.
Examples
# Configure low level scanning attack detection and specify the prevention action as drop in the
attack defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] scan detect level low action drop
# Configure scanning attack detection in the attack defense policy atk-policy-1. Specify the
detection level as low and the prevention actions as block-source and logging. Set the aging time
for the dynamically added IP blacklist entries to 10 minutes.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] scan detect level low action logging
block-source timeout 10
Related commands
blacklist enable
blacklist global enable
signature { large-icmp | large-icmpv6 } max-length
Use signature { large-icmp | large-icmpv6 } max-length to set the maximum length of safe ICMP
or ICMPv6 packets. A large ICMP or ICMPv6 attack occurs if an ICMP or ICMPv6 packet larger than
the specified length is detected.
Use undo signature { large-icmp | large-icmpv6 } max-length to restore the default.
Syntax
signature { large-icmp | large-icmpv6 } max-length length
undo signature { large-icmp | large-icmpv6 } max-length
Default
The maximum length of safe ICMP or ICMPv6 packets is 4000 bytes.
Views
Attack defense policy view
Predefined user roles
network-admin
1075
Advertisement
Table of Contents
