HP Comware 5 Debug Manual Vol 1

Table 52 Output from the debugging attack-defense event command

Field:
    Attack begin.
    Attack type: type
    Interface: interface-type interface-number
    Action: action
    IP address: ip-address
    Attack end.
Description:
    Information about the detected attack:
    - Attack type: The attack type, Scan, UDP Flood, ICMP Flood, or SYN Flood.
    - Interface: Interface where attack protection is configured.
    - Action: Action against the attack. Available action parameters are:
        - none: Takes no actions but outputs the attack alarm logs.
        - drop packet: Also drops attack packets.
        - send RST to destination host: Also sends an RST message to the destination host.
        - drop packet and add source host to blacklist: Also drops attack packets and adds the attacker's IP address to the blacklist.
    - IP address: Attacker's IP address for scanning attacks or the victim IP address for flood attacks.

Field:
    Single packet attack.
    Attack type: type
    Interface: interface-type interface-number
    Action: action
    Source IP address: src-ip-address
    Destination IP address: dest-ip-address
Description:
    Information about the detected single packet attack.
    - Attack type: Types include Land, Smurf, Fraggle, Winnuke, ICMP Redirect, ICMP Unreachable, Tracert, TCP Flag, Large ICMP, Source Route, and Route Record.
    - Interface: Interface that receives the attack packets.
    - Action: Action against the attack. Available action parameters are:
        - none: Takes no additional actions but outputs the attack alarm logs.
        - drop packet: Also drops the attack packets.
    - Source IP address: IP address of the attack source.
    - Destination IP address: Victim IP address.

Field:
    Success to add ip-address to blacklist, aging time is aging-time(s).
Description:
    Attack added ip-address to the blacklist, and the aging time is aging-time(s).

Table 53 describes output fields and messages for the debugging attack-defense error command.
Table 53 Output from the debugging attack-defense error command

Field:
    Failed to add ip-address to blacklist for already existing.
Description:
    The attack protection module failed to add ip-address to the blacklist because the entry already exists.

Field:
    Failed to add ip-address to blacklist.
Description:
    The attack protection module failed to add ip-address to the blacklist due to insufficient hardware or software resources.

Field:
    Failed to send attack-type log to IC.
Description:
    The attack protection module failed to send the attack alarm logs to the information center (IC) after detecting an attack.
    The attack types include Land, Smurf, Fraggle, Winnuke, ICMP Redirect, ICMP Unreachable, Tracert, TCP Flag, Large ICMP, Source Route, Route Record, Scan, UDP Flood, ICMP Flood, and SYN Flood.
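
An added example, not part of the HP manual: a Python parser that turns the record layouts and messages listed in Tables 52 and 53 into structured events for log review. It assumes each field arrives on its own line with no timestamp or module prefix and that the aging time prints as "<n>(s)"; parse_debug, the event kind names and the sample text are illustrative.

```python
import re
# Labels and messages: Tables 52 and 53. Assumed: one field per line, no log prefix, aging "<n>(s)".
FIELDS = {"Attack type", "Interface", "Action", "IP address", "Source IP address", "Destination IP address"}
HEADERS = {"Attack begin.": "attack", "Single packet attack.": "single_packet"}
MESSAGES = [
    ("blacklist_added", r"Success to add (?P<ip>\S+) to blacklist, aging time is (?P<aging>\d+)\(s\)\."),
    ("blacklist_exists", r"Failed to add (?P<ip>\S+) to blacklist for already existing\."),
    ("blacklist_failed", r"Failed to add (?P<ip>\S+) to blacklist\."),
    ("log_send_failed", r"Failed to send (?P<attack_type>.+) log to IC\."),
]

def parse_debug(text):
    """Parse attack-defense debug output into a list of event dicts."""
    events, rec = [], None
    def close(complete):
        nonlocal rec
        if rec is not None:
            events.append({**rec, "complete": complete})
        rec = None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        key, sep, value = line.partition(": ")
        if line in HEADERS:
            close(False)  # header while a record is open: the previous one was cut off
            rec = {"kind": HEADERS[line]}
        elif rec is not None and sep and key in FIELDS:
            rec[key] = value
            # Single-packet records have no end marker; the last listed field closes them.
            if rec["kind"] == "single_packet" and key == "Destination IP address":
                close(True)
        elif line == "Attack end.":
            close(rec is not None and rec["kind"] == "attack")
        else:
            close(False)  # unexpected line inside a record
            for kind, pattern in MESSAGES:
                m = re.fullmatch(pattern, line)
                if m:
                    events.append({"kind": kind, **m.groupdict()})
                    break
    close(False)  # flush a record cut off at end of input
    return events

# Constructed sample (documentation addresses), not captured from a device.
SAMPLE = """Attack begin.
Attack type: SYN Flood
Interface: GigabitEthernet0/1
Action: drop packet
IP address: 192.0.2.10
Attack end.
Success to add 198.51.100.7 to blacklist, aging time is 10(s).
"""
```

Records flagged with "complete": False were interrupted by another message or by the end of the capture, so their fields should be treated as partial.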