Table of Contents
Advertisement
Security CLI Commands
19.44
security set IDS portfloodthreshold
19.44.1
Syntax
security set IDS portfloodthreshold <max>
19.44.2
Description
This command allows you to set the maximum number of SYN packets that
can be sent to a single port before a port flood is detected. If the number of
SYN packets counted within the time duration set by the command security
set IDS floodperiod is greater than the maximum value set here, the
suspected attacker is blocked for the time limit specified in the command
security set IDS DOSattackblock.
For example, using the default settings, if more than 10 SYN packets are
received per second for a 10 second duration, the attacker is blocked.
Note:
19.44.3
Options
The following table gives the range of values for each option which can be
specified with this command and a default value (if applicable).
Option
max
19.44.4
Example
--> security set IDS portfloodthreshold 15
590
This CLI command is case-sensitive. You must type the command
attributes exactly as they appear in the syntax section of this page. If
you do not use the same case-sensitive syntax, the command fails
and the CLI displays a syntax error message.
Description
Maximum number of SYN packets that
can be received by a single port
before a flood is detected.
Default value
10 (per second)
2/1553-ZAT 759 94 Uen B – December 2005
Advertisement
Table of Contents
