R0106-HP MSR Router Series Security Command Reference(V7)
617
Related commands
attack-defense policy
fin-flood action
Use fin-flood action to specify global actions against FIN flood attacks.
Use undo fin-flood action to restore the default.
Syntax
fin-flood action { client-verify | drop | logging } *
undo fin-flood action
Default
No action is taken against detected FIN flood attacks.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
client-verify: Adds the victim IP addresses to the protected IP list for TCP client verification. If TCP client
verification is enabled, the device provides proxy services for protected servers.
drop: Drops subsequent FIN packets destined for the victim IP addresses.
logging: Enables logging for FIN flood attack events. The log information records the detection interface,
victim IP address, MPLS L3VPN instance name, current packet statistics, prevention actions, and start time
of the attack.
Usage guidelines
To configure the FIN flood attack detection to collaborate with the TCP client verification, make sure the
client-verify keyword is specified and the TCP client verification is enabled. To enable TCP client
verification, use the client-verify tcp enable command.
Examples
# Specify drop as the global action against FIN flood attacks in attack defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] fin-flood action drop
Related commands
• client-verify tcp enable
• fin-flood detect
• fin-flood detect non-specific
• fin-flood threshold
fin-flood detect
Use fin-flood detect to configure IP-specific FIN flood attack detection.