R3303-HP HSR6800 Routers Security Command Reference

Syntax
defense udp-flood ip ip-address rate-threshold high rate-number [ low rate-number ]
undo defense udp-flood ip ip-address [ rate-threshold ]
Default
No UDP flood attack protection thresholds are configured for an IP address.
Views
Attack protection policy view
Default command level
2: System level
Parameters
ip-address: IP address to be protected. This IP address cannot be a broadcast address, 127.0.0.0/8, a
class D address, or a class E address.
high rate-number: Sets the action threshold for UDP flood attack protection of the specified IP address.
The rate-number argument indicates the number of UDP packets sent to the specified IP address per
second and is in the range of 1 to 64000. With UDP flood attack protection enabled, the device
enters attack detection state. When the device detects that the sending rate of UDP packets destined for
the specified IP address constantly reaches or exceeds the specified action threshold, the device
considers the IP address to be under attack, enters attack protection state, and takes protection actions
as configured.
low rate-number: Sets the silence threshold for UDP flood attack protection of the specified IP address.
The rate-number argument indicates the number of UDP packets sent to the specified IP address per
second and is in the range of 1 to 64000. The default value of the silence threshold is 3/4 of the action
threshold. When the device is in attack protection state, if it detects that the sending rate of UDP packets
destined for the specified IP address drops below the silence threshold, it considers that the attack is over,
returns to attack detection state, and stops the protection measures.
Usage guidelines
You can configure UDP flood attack protection thresholds for a maximum of 32 IP addresses in each
attack protection policy.
Examples
# Configure UDP flood attack protection for IP address 192.168.1.2, and set the action threshold to 2000
packets per second and the silence threshold to 1000 packets per second.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] defense udp-flood ip 192.168.1.2 rate-threshold high 2000 low 1000
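The following Python model is an added illustration, not device code or part of the original reference. It shows how the action and silence thresholds described under Parameters form a hysteresis band, using the 2000/1000 values from the example above. The function names, the sample rates, the rounding of the 3/4 default, and the treatment of a single one-second sample as "constantly" reaching the threshold are assumptions.

```python
import ipaddress

RATE_MIN, RATE_MAX = 1, 64000  # rate-number range given in the reference
# Ranges the reference excludes. Subnet-directed broadcasts need the interface
# mask, which this sketch does not have, so only 255.255.255.255 is caught
# (it falls inside 240.0.0.0/4).
BLOCKED = {"127.0.0.0/8": "loopback", "224.0.0.0/4": "class D",
           "240.0.0.0/4": "class E or limited broadcast"}


def validate_target(ip):
    """Return the parsed address, or raise ValueError if it cannot be protected."""
    addr = ipaddress.IPv4Address(ip)
    for net, label in BLOCKED.items():
        if addr in ipaddress.ip_network(net):
            raise ValueError(f"{ip}: {label} address not allowed")
    return addr


def resolve_thresholds(high, low=None):
    """Apply the documented default: silence threshold = 3/4 of action threshold."""
    if low is None:
        low = max(RATE_MIN, high * 3 // 4)  # assumption: fraction rounds down
    for name, value in (("high", high), ("low", low)):
        if not RATE_MIN <= value <= RATE_MAX:
            raise ValueError(f"{name} {value} outside {RATE_MIN}-{RATE_MAX}")
    return high, low


def track_states(rates_pps, high, low=None):
    """Map per-second UDP packet rates to 'detection' / 'protection' states."""
    high, low = resolve_thresholds(high, low)
    state, history = "detection", []
    for rate in rates_pps:
        # Assumption: one sample at or above `high` counts as "constantly" reaching it.
        if state == "detection" and rate >= high:
            state = "protection"
        elif state == "protection" and rate < low:  # strictly below, per the text
            state = "detection"
        history.append(state)
    return history


if __name__ == "__main__":
    validate_target("192.168.1.2")
    sample = [500, 1800, 2000, 2600, 1500, 1200, 1000, 999, 1500, 2100]  # constructed
    for rate, state in zip(sample, track_states(sample, high=2000, low=1000)):
        print(f"{rate:>5} pps -> {state}")
```

With the silence threshold at 1000, a rate of exactly 1000 pps keeps the model in protection state; omitting `low` moves the exit point to 1500 pps, so the same traffic leaves protection state earlier.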
Related commands
defense udp-flood action drop-packet
defense udp-flood enable
display attack-defense policy