Ack-Flood Detect Non-Specific - H3C MSR Series Command Reference Manual

Usage guidelines
With ACK flood attack detection configured for an IP address, the device is in attack detection state.
When the sending rate of ACK packets to the IP address reaches the threshold, the device enters
prevention state and takes the specified actions. When the rate is below the silence threshold
(three-fourths of the threshold), the device returns to the attack detection state.
Examples
# Configure ACK flood attack detection for 192.168.1.2 in the attack defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] ack-flood detect ip 192.168.1.2 threshold
2000
Related commands
ack-flood action

ack-flood detect non-specific

ack-flood threshold
client-verify tcp enable
ack-flood detect non-specific
Use ack-flood detect non-specific to enable global ACK flood attack detection.
Use undo ack-flood detect non-specific to disable global ACK flood attack detection.
Syntax
ack-flood detect non-specific
undo ack-flood detect non-specific
Default
Global ACK flood attack detection is disabled.
Views
Attack defense policy view
Predefined user roles
network-admin
Usage guidelines
The global ACK flood attack detection applies to all IP addresses except those specified by the
ack-flood detect command. The global detection uses the global trigger threshold set by the
ack-flood threshold command and global actions specified by the ack-flood action command.
Examples
# Enable global ACK flood attack detection in the attack defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] ack-flood detect non-specific
Related commands
ack-flood action
ack-flood detect
ack-flood threshold
974