Manualshelf

R2511-HP MSR Router Series Security Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router
441442443444445446447448449450
434
[Router-attack-defense-policy-1] defense udp-flood rate-threshold high 100
# Configure the policy to drop the subsequent packets once a UDP flood attack is detected.
[Router-attack-defense-policy-1] defense udp-flood action drop-packet
[Router-attack-defense-policy-1] quit
# Apply policy 1 to GigabitEthernet 1/1.
[Router] interface gigabitethernet 1/1
[Router-GigabitEthernet1/1] attack-defense apply policy 1
# Enable the traffic statistics function in the outbound direction of GigabitEthernet 1/1.
[Router-GigabitEthernet1/1] flow-statistic enable outbound
# Enable traffic statistics based on destination IP address.
[Router-GigabitEthernet1/1] flow-statistic enable destination-ip
Verifying the configuration
If you suspect that the server is under an attack, you can view the traffic statistics information on the
interface to check whether there is an attack.
[Router-GigabitEthernet1/1] display flow-statistics statistics destination-ip 10.1.1.2
Flow Statistics Information
------------------------------------------------------------
IP Address : 10.1.1.2
------------------------------------------------------------
Total number of existing sessions : 13676
Session establishment rate : 2735/s
TCP sessions : 0
Half-open TCP sessions : 0
Half-close TCP sessions : 0
TCP session establishment rate : 0/s
UDP sessions : 13676
UDP session establishment rate : 2735/s
ICMP sessions : 0
ICMP session establishment rate : 0/s
RAWIP sessions : 0
RAWIP session establishment rate : 0/s
[Router-GigabitEthernet0/1] display flow-statistics statistics interface gigabitethernet
1/1 outbound
Flow Statistics Information
------------------------------------------------------------
Interface : GigabitEthernet1/1
------------------------------------------------------------
Total number of existing sessions : 13676
Session establishment rate : 2735/s
TCP sessions : 0
Half-open TCP sessions : 0
Half-close TCP sessions : 0
TCP session establishment rate : 0/s
UDP sessions : 13676
UDP session establishment rate : 2735/s
ICMP sessions : 0