R3102-R3103-HP 6600/HSR6600 Routers Security Command Reference
487
route-record: Specifies the route record packet attack.
smurf: Specifies the Smurf packet attack.
source-route: Specifies the source route packet attack.
tcp-flag: Specifies the TCP flag packet attack.
tracert: Specifies the Tracert packet attack.
winnuke: Specifies the Winnuke packet attack.
Examples
# Enable signature detection of Fraggle attack in attack protection policy 1.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] signature-detect fraggle enable
Related commands
display attack-defense policy
signature-detect action drop-packet
Use signature-detect action drop-packet to configure the device to drop single-packet attack packets.
Use undo signature-detect action to restore the default.
Syntax
signature-detect action drop-packet
undo signature-detect action
Default
The device does not process the attack packets if it detects a single-packet attack.
Views
Attack protection policy view
Default command level
2: System level
Examples
# Configure attack protection policy 1 to drop single-packet attack packets.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] signature-detect action drop-packet
Related commands
display attack-defense policy
signature-detect large-icmp max-length
Use signature-detect large-icmp max-length to specify the ICMP packet length threshold that triggers
large ICMP attack protection.
Use undo signature-detect large-icmp max-length to restore the default.