R0106-HP MSR Router Series Security Command Reference(V7)
576
Actions: L
Flood attack defense configuration:
Flood type Global thres(pps) Global actions Service ports Non-specific
SYN flood 1000(default) - - Disabled
ACK flood 1000(default) - - Enabled
SYN-ACK flood 1000(default) - - Disabled
RST flood 200 - - Enabled
FIN flood 1000(default) L,D - Disabled
UDP flood 1000(default) - - Disabled
ICMP flood 1000(default) - - Disabled
ICMPv6 flood 1000(default) CV - Disabled
DNS flood 10000 - 30,61 to 62 Enabled
HTTP flood 10000 - 80,8080 Enabled
Flood attack defense for protected IP addresses:
Address VPN instance Flood type Thres(pps) Actions Ports
1::1 -- FIN-FLOOD 10 L,D -
192.168.1.1 A01234567890 SYN-ACK-FLOOD 10 - -
123456789012
3456789
1::1 -- FIN-FLOOD - L -
2013:2013:2013:2013: A0123456789 DNS-FLOOD 100 L,CV 53
2013:2013:2013:2013
Table 83 Command output
Field Descri
p
tion
Policy name Name of the attack defense policy.
Applied list
List of interfaces to which the attack defense policy is applied. If the policy is
applied to the device, this field displays Local.
Exempt IPv4 ACL IPv4 ACL used for attack detection exemption.
Exempt IPv6 ACL IPv6 ACL used for attack detection exemption.
Actions
Attack prevention actions:
• CV—Client verification.
• BS—Blocking sources.
• L—Logging.
• D—Dropping packets.
• N—No action.
Signature attack defense
configuration
Configuration information about single-packet attack detection and
prevention.
Signature name Type of the single-packet attack.
Defense Whether attack detection is enabled.
Level Level of the single-packet attack, info, low, medium, or high.