Manualshelf

R2511-HP MSR Router Series Security Command Reference(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router
521522523524525526527528529530
509
Usage guidelines
With signature detection of large ICMP attack enabled, a device considers all ICMP packets longer than
the specified maximum length as large ICMP attack packets.
This command is effective only when signature detection of large ICMP attack is enabled.
Examples
# Enable signature detection of large ICMP attack, set the ICMP packet length threshold that triggers
large ICMP attack protection to 5000 bytes, and configure the device to drop ICMP packets longer than
the specified maximum length.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] signature-detect large-icmp enable
[Sysname-attack-defense-policy-1] signature-detect large-icmp max-length 5000
[Sysname-attack-defense-policy-1] signature-detect action drop-packet
Related commands
display attack-defense policy
signature-detect large-icmp enable