Manualshelf

R3303-HP HSR6800 Routers Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution
461462463464465466467468469470
454
Add to blacklist : Enabled
Blacklist timeout : 10 minutes
Max-rate : 1000 connections/s
Signature-detect action : Drop-packet
--------------------------------------------------------------------------
ICMP flood attack-defense : Enabled
ICMP flood action : Syslog
ICMP flood high-rate : 2000 packets/s
ICMP flood low-rate : 750 packets/s
ICMP flood attack-defense for specific IP addresses:
IP High-rate(packets/s) Low-rate(packets/s)
192.168.1.1 1000 500
192.168.2.1 2000 1000
--------------------------------------------------------------------------
UDP flood attack-defense : Enabled
UDP flood action : Drop-packet
UDP flood high-rate : 2000 packets/s
UDP flood low-rate : 750 packets/s
UDP Flood attack-defense for specific IP addresses:
IP High-rate(packets/s) Low-rate(packets/s)
192.168.1.1 1000 500
192.168.2.1 2000 500
--------------------------------------------------------------------------
SYN flood attack-defense : Enabled
SYN flood action : Drop-packet
SYN flood high-rate : 2000 packets/s
SYN flood low-rate : 750 packets/s
SYN Flood attack-defense for specific IP addresses:
IP High-rate(packets/s) Low-rate(packets/s)
192.168.1.1 1000 750
192.168.2.1 2000 1000
Table 73 Command output
Filed Descri
p
tion
Policy number Sequence number of the attack protection policy.
Bound interfaces Interfaces to which the attack protection policy is applied.
Smurf attack-defense Indicates whether Smurf attack protection is enabled.
ICMP redirect attack-defense Indicates whether ICMP redirect attack protection is enabled.
ICMP unreachable attack-defense
Indicates whether ICMP unreachable attack protection is
enabled.
Large ICMP attack-defense Indicates whether large ICMP attack protection is enabled.
Max-length Maximum length allowed for an ICMP packet.
TCP flag attack-defense Indicates whether TCP flag attack protection is enabled.
Tracert attack-defense Indicates whether tracert attack protection is enabled.
Fraggle attack-defense Indicates whether Fraggle attack protection is enabled.