R3303-HP HSR6800 Routers Security Command Reference

447

defense syn-flood enable

Use defense syn-flood enable to enable SYN flood attack protection.

Use undo defense syn-flood enable to restore the default.

Syntax

defense syn-flood enable

undo defense syn-flood enable

Default

SYN flood attack protection is disabled.

Views

Attack protection policy view

Default command level

2: System level

Examples

# Enable SYN flood attack protection in attack protection policy 1.

<Sysname> system-view

[Sysname] attack-defense policy 1

[Sysname-attack-defense-policy-1] defense syn-flood enable

Related commands

• defense syn-flood

• display attack-defense policy

defense syn-flood ip

Use defense syn-flood ip to configure the action and silence thresholds for SYN flood attack protection

of a specific IP address.

Use undo defense syn-flood ip to remove the configuration.

Syntax

defense syn-flood ip ip-address rate-threshold high rate-number [ low rate-number ]

undo defense syn-flood ip ip-address [ rate-threshold ]

Default

No SYN flood attack protection thresholds are configured for an IP address.

Views

Attack protection policy view

Default command level

2: System level

Parameters

ip-address: IP address to be protected. This IP address cannot be a broadcast address, 127.0.0.0/8, a

class D address, or a class E address.