Attack detection and prevention
commands
Commands and descriptions for centralized devices apply to the following routers:
•
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-L
MS/810-LUS.
•
MSR2600-10-X1.
•
MSR 2630.
•
MSR3600-28/3600-51.
•
MSR3600-28-SI/3600-51-SI.
•
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
•
MSR 3610/3620/3620-DP/3640/3660.
Commands and descriptions for distributed devices apply to the following routers:
•
MSR5620.
•
MSR 5660.
•
MSR 5680.
ack-flood action
Use ack-flood action to specify global actions against ACK flood attacks.
Use undo ack-flood action to restore the default.
Syntax
ack-flood action { client-verify | drop | logging } *
undo ack-flood action
Default
No global action is specified for ACK flood attacks.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
client-verify: Adds the victim IP addresses to the protected IP list for TCP client verification. If TCP
client verification is enabled, the device provides proxy services for protected servers.
drop: Drops subsequent ACK packets destined for the victim IP addresses.
logging: Enables logging for ACK flood attack events.
Usage guidelines
For the ACK flood attack detection to collaborate with the TCP client verification, make sure the
client-verify keyword is specified and the TCP client verification is enabled. To enable TCP client
verification, use the client-verify tcp enable command.
972