ZTE ZXR10 8900 Series Command Manual page 92

10g routing switch

ZXR10 8900 Series Command Manual (FW Volume)
Confidential and Proprietary Information of ZTE CORPORATION

Parameter Description

| Parameter | Description |
|---|---|
| add | Adds one host or subnet to be protected. |
| protect_name | Sets the address resource to be protected, which can be a host, a subnet or an address range. This address resource shall be added in advance with the define command. |
| <string> | A string giving the name of the address resource. |
| icmpflood | Sets the maximum number of reply requests initiated to the protected object per second. |
| <number1> | A number giving the maximum connection requests; 500 by default, ranging from 1 to 65535. |
| ipsweep | Sets the maximum number of ICMP packets sent from the same IP to multiple hosts within the specified interval. When the packet count reaches this threshold, this is counted as one address scan. |
| <number2> | A number in the range 1-65535. |
| synflood | Sets the maximum number of connection requests initiated to the protected object per second. |
| <number3> | A number; 500 by default, ranging from 1 to 65535. |
| udpflood | Sets the maximum number of UDP packets sent to the protected object per second. When the packet count reaches this threshold, the UDP flooding attack protection function is enabled. |
| <number4> | A number; 1000 by default, ranging from 1 to 65535. |
| portscan | Sets the maximum number of IP packets containing a TCP SYN segment sent from the same source IP to multiple ports of the destination IP within the specified interval. When the packet count reaches this threshold, this is counted as one port scan. |
| <number5> | A number in the range 1-65535. |
| log | Sets whether an attack event is recorded in the log when it occurs. |
| yes\|no | yes: record the event in the log; no: do not record the event in the log. |
| action | Sets whether packets are permitted to pass through. |
| pass\|block | pass: permit packets to pass through; block: deny packets passing through. |

Example

To add one intrusion detection rule that sets the address of the protected host to hostA, denies packets passing through and records the event in the log, execute the following command:

# dos rule add protect_name hostA icmpflood 800 ipsweep 8 synflood 300 udpflood 300 portscan 8 log yes action block
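An added example, not part of the ZTE manual: a Python lint for `dos rule add` lines that applies the keywords, the 1-65535 range and the defaults listed in the parameter descriptions above. It assumes an omitted threshold falls back to its documented default; the name `parse_dos_rule` and the final "neither recorded nor blocked" check are hypothetical additions for this illustration.

```python
import shlex

# Keywords, defaults and the 1-65535 range come from the parameter table.
# None marks a threshold for which the table states no default.
THRESHOLDS = {"icmpflood": 500, "ipsweep": None, "synflood": 500,
              "udpflood": 1000, "portscan": None}
ENUMS = {"log": ("yes", "no"), "action": ("pass", "block")}
LOW, HIGH = 1, 65535

def parse_dos_rule(line):
    """Return (rule, findings) for one 'dos rule add' command line."""
    tokens = shlex.split(line.strip().lstrip("#"))
    if tokens[:3] != ["dos", "rule", "add"]:
        return None, ["not a 'dos rule add' command"]
    rest, findings = tokens[3:], []
    if len(rest) % 2:
        findings.append(f"keyword '{rest[-1]}' has no value")
        rest = rest[:-1]
    # Assumption: an omitted threshold falls back to the documented default.
    rule = dict(THRESHOLDS, protect_name=None, log=None, action=None)
    for key, value in zip(rest[0::2], rest[1::2]):
        if key not in rule:
            findings.append(f"unknown keyword '{key}'")
            continue
        if key in THRESHOLDS:
            if not value.isdecimal() or not LOW <= int(value) <= HIGH:
                findings.append(f"{key} {value}: outside {LOW}-{HIGH}")
                continue
            value = int(value)
        elif key in ENUMS and value not in ENUMS[key]:
            findings.append(f"{key} {value}: expected {'|'.join(ENUMS[key])}")
            continue
        rule[key] = value
    if rule["protect_name"] is None:
        findings.append("protect_name is missing")
    # Hypothetical review check: such a rule leaves no trace of an attack.
    if rule["log"] == "no" and rule["action"] == "pass":
        findings.append("log no + action pass: neither recorded nor blocked")
    return rule, findings

# Constructed sample input: the manual's example, then two faulty variants.
SAMPLES = [
    "# dos rule add protect_name hostA icmpflood 800 ipsweep 8 synflood 300 "
    "udpflood 300 portscan 8 log yes action block",
    "dos rule add protect_name hostB synflood 70000 log no action pass",
    "dos rule add protect_name hostC udpflood 0 logg yes action block",
]
```

Calling `parse_dos_rule` on each entry of `SAMPLES` returns the effective thresholds together with the list of findings for that line.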
