R2511-HP MSR Router Series Security Configuration Guide(V5)

Step 4. Configure the ICMP packet length threshold that triggers large ICMP attack protection.
    Command: signature-detect large-icmp max-length length
    Remarks: Optional. 4000 bytes by default.

Step 5. Configure the device to drop single-packet attack packets.
    Command: signature-detect action drop-packet
    Remarks: Optional. By default, the device only outputs alarm logs if it detects a single-packet attack.
Configuring a scanning attack protection policy
The scanning attack protection function detects scanning attacks by monitoring the rate at which connections are established to the target systems. It is usually applied to interfaces connecting to external networks and inspects only the inbound packets of those interfaces. If the device detects that the rate at which a source IP address initiates connections reaches or exceeds the configured threshold, the device outputs alarm logs, drops subsequent packets received from that IP address, and, depending on your configuration, adds the IP address to the blacklist.
To configure a policy for preventing scanning attacks:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter attack protection policy view.
    Command: attack-defense policy policy-number
    Remarks: N/A

Step 3. Enable scanning attack protection.
    Command: defense scan enable
    Remarks: Disabled by default.

Step 4. Specify the connection rate threshold that triggers scanning attack protection.
    Command: defense scan max-rate rate-number
    Remarks: Optional. 4000 connections per second by default.

Step 5. Configure the blacklist function for scanning attack protection.
    Commands:
      Enable the blacklist function for scanning attack protection:
        defense scan add-to-blacklist
      Set the aging time for entries blacklisted by the scanning attack protection function:
        defense scan blacklist-timeout minutes
    Remarks: Optional. By default, the blacklist function for scanning attack protection is disabled, and the aging time for entries blacklisted by the scanning attack protection function is 10 minutes.

Step 6. Return to system view.
    Command: quit
    Remarks: N/A

Step 7. Enable the blacklist function.
    Command: blacklist enable
    Remarks: Required to make the blacklist entries added by the scanning attack protection function take effect. By default, the blacklist function is disabled.
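The following CLI session is an added example that walks through both procedures on this page (the single-packet steps 4 and 5 and the scanning attack protection steps 1 through 7) in one policy. It is not taken from the guide. The device name Router, the policy number 1, the interface GigabitEthernet 0/1, the exact view prompts, and the threshold values are illustrative assumptions; the final two lines (applying the policy to an interface with attack-defense apply policy) are not shown on this page and are included as an assumption about how the policy is bound to the external-facing interface. Lines beginning with # are annotations, not CLI input.

```text
# Added example session, not from the guide. Prompts, names and values are assumptions.
<Router> system-view
[Router] attack-defense policy 1
# Single-packet attack protection (steps 4 and 5 above): treat ICMP packets
# longer than 1500 bytes as large-ICMP attacks and drop them instead of only logging.
[Router-attack-defense-policy-1] signature-detect large-icmp max-length 1500
[Router-attack-defense-policy-1] signature-detect action drop-packet
# Scanning attack protection (steps 3 to 5 above): alarm and drop when a source
# initiates 500 or more connections per second (default threshold is 4000), and
# blacklist the source for 30 minutes (default aging time is 10 minutes).
[Router-attack-defense-policy-1] defense scan enable
[Router-attack-defense-policy-1] defense scan max-rate 500
[Router-attack-defense-policy-1] defense scan add-to-blacklist
[Router-attack-defense-policy-1] defense scan blacklist-timeout 30
[Router-attack-defense-policy-1] quit
# Step 7: without this system-view command the entries added by
# "defense scan add-to-blacklist" are created but never enforced.
[Router] blacklist enable
# Assumption, not shown on this page: bind the policy to the interface facing the
# external network. The policy inspects only inbound packets on that interface.
[Router] interface GigabitEthernet 0/1
[Router-GigabitEthernet0/1] attack-defense apply policy 1
```

Two points a practitioner will want to check after entering this: the scanning threshold is compared against the connection-initiation rate of each source IP address seen inbound on the interface, so a value should be chosen from the observed baseline of that link rather than left at the 4000 connections per second default, which is high enough that a slow scan never trips it; and step 7 is the one step that is easy to omit, because the policy-view commands in step 5 accept silently even when the system-wide blacklist function is still disabled.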