Ack-Flood Threshold; Attack-Defense Apply Policy - H3C MSR Series Command Reference Manual

ack-flood threshold

Use ack-flood threshold to set the global threshold for triggering ACK flood attack prevention.
Use undo ack-flood threshold to restore the default.
Syntax
ack-flood threshold threshold-value
undo ack-flood threshold
Default
The global threshold is 1000 for triggering ACK flood attack prevention.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
threshold-value: Specifies the threshold value. The value range is 1 to 1000000 in units of ACK
packets sent to an IP address per second.
Usage guidelines
The device applies the global threshold to global ACK flood attack detection. Adjust the threshold
according to the application scenarios. If the number of ACK packets sent to a protected server, such
as an HTTP or FTP server, is normally large, set a large threshold. A small threshold might affect the
server services. For a network that is unstable or susceptible to attacks, set a small threshold.
With global ACK flood attack detection configured, the device is in attack detection state. When the
sending rate of ACK packets to an IP address reaches the threshold, the device enters prevention
state and takes the specified actions. When the rate is below the silence threshold (three-fourths of
the threshold), the device returns to the attack detection state.
Examples
# Set the global threshold to 100 for triggering ACK flood attack prevention in the attack defense
policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] ack-flood threshold 100
Related commands
ack-flood action
ack-flood detect
ack-flood detect non-specific

attack-defense apply policy

Use attack-defense apply policy to apply an attack defense policy to an interface.
Use undo attack-defense apply policy to restore the default.
Syntax
attack-defense apply policy policy-name
undo attack-defense apply policy
975