R3303-HP HSR6800 Routers Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution

461

462

463

464

465

466

467

468

469

470

455

Filed Descri

tion

WinNuke attack-defense Indicates whether WinNuke attack protection is enabled.

LAND attack-defense Indicates whether Land attack protection is enabled.

Source route attack-defense Indicates whether Source Route attack protection is enabled.

Route record attack-defense Indicates whether Route Record attack protection is enabled.

Scan attack-defense Indicates whether scanning attack protection is enabled.

Add to blacklist

Indicates whether the blacklist function is enabled for scanning

attack protection.

Blacklist timeout Aging time of the blacklist entries.

Max-rate Threshold for the connection establishment rate.

Signature-detect action

Action to be taken when a single-packet attack is detected. It

can be Drop-packet (dropping subsequent packets) or Syslog

(outputting an alarm log).

ICMP flood attack-defense Indicates whether ICMP flood attack protection is enabled.

ICMP flood action

Action to be taken when an ICMP flood attack is detected. It can

be Drop-packet (dropping subsequent packets) or Syslog

(outputting an alarm log).

ICMP flood high-rate Global action threshold for ICMP flood attack protection.

ICMP flood low-rate Global silence threshold for ICMP flood attack protection.

ICMP flood attack-defense for specific IP

addresses

ICMP flood attack protection settings for specific IP addresses.

UDP flood attack-defense Indicates whether UDP flood attack is enabled.

UDP flood action

Action to be taken when a UDP flood attack is detected. It can

be Drop-packet (dropping subsequent packets) or Syslog

(outputting an alarm log).

UDP flood high-rate Global action threshold for UDP flood attack protection.

UDP flood low-rate Global silence threshold for UDP flood attack protection.

UDP flood attack on IP UDP flood attack protection settings for specific IP addresses.

SYN flood attack-defense Indicates whether SYN flood attack is enabled.

SYN flood action

Action to be taken when a SYN flood attack is detected. It can

be Drop-packet (dropping subsequent packets) or Syslog

(outputting an alarm log).

SYN flood high-rate Global action threshold for SYN flood attack protection.

SYN flood low-rate Global silence threshold for SYN flood attack protection.

SYN flood attack on IP SYN flood attack protection settings for specific IP addresses.

# Display summary configuration information about all attack protection policies.

<Sysname> display attack-defense policy

Attack-defense Policy Brief Information

--------------------------------------------------------------------------

Policy Number Bound Interface

1 GigabitEthernet3/0/1