Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Command Reference-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
31323334353637383940
33
signature-detect
Use signature-detect to enable signature detection of a single-packet attack.
Use undo signature-detect to disable signature detection of a single-packet attack.
Syntax
signature-detect { fraggle | icmp-redirect | icmp-unreachable | land | large-icmp | route-record |
smurf | source-route | tcp-flag | tracert | winnuke } enable
undo signature-detect { fraggle | icmp-redirect | icmp-unreachable | land | large-icmp | route-record
| smurf | source-route | tcp-flag | tracert | winnuke } enable
Default
Signature detection of all type of attacks is disabled.
Views
Attack protection policy view
Default command level
2: System level
Parameters
fraggle: Specifies the Fraggle packet attack.
icmp-redirect: Specifies the ICMP redirect packet attack.
icmp-unreachable: Specifies the ICMP unreachable packet attack.
land: Specifies the Land packet attack.
large-icmp: Specifies the large ICMP packet attack.
route-record: Specifies the route record packet attack.
smurf: Specifies the Smurf packet attack.
source-route: Specifies the source route packet attack.
tcp-flag: Specifies the TCP flag packet attack.
tracert: Specifies the Tracert packet attack.
winnuke: Specifies the Winnuke packet attack.
Examples
# Enable signature detection of Fraggle attack in attack protection policy 1.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] signature-detect fraggle enable
Related commands
display attack-defense policy
signature-detect action drop-packet
Use signature-detect action drop-packet to configure the device to drop single-packet attack packets.
Use undo signature-detect action to restore the default.