R0106-HP MSR Router Series Security Command Reference(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR2003 AC Router

661

662

663

664

665

666

667

668

669

670

651

Examples

# Specify drop as the global action against SYN flood attacks in attack defense policy atk-policy-1.

<Sysname> system-view

[Sysname] attack-defense policy atk-policy-1

[Sysname-attack-defense-policy-atk-policy-1] syn-flood action drop

Related commands

• syn-flood detect

• syn-flood detect non-specific

• syn-flood threshold

syn-flood detect

Use syn-flood detect to configure IP-specific SYN flood attack detection.

Use undo syn-flood detect to remove the SYN flood attack detection configuration for an IP address.

Syntax

syn-flood detect { ip ip-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] [ threshold

threshold-value ] [ action { client-verify | drop | logging } * ]

undo syn-flood detect { ip ip-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ]

Default

SYN flood attack detection is not configured for any IP address.

Views

Attack defense policy view

Predefined user roles

network-admin

Parameters

ip ip-address: Specifies the IPv4 address to be protected. The ip-address argument cannot be all 1s or 0s.

ipv6 ipv6-address: Specifies the IPv6 address to be protected. The ipv6-address argument cannot be a

multicast address or all 0s.

vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the protected IP address

belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Do not specify

this option if the protected IP address is on the public network.

threshold threshold-value: Sets the threshold for triggering SYN flood attack prevention. The value range

is 1 to 1000000 in units of SYN packets sent to the specified IP address per second.

action: Specifies the actions when a SYN flood attack is detected. If no action is specified, the global

actions set by the syn-flood action command apply.

client-verify: Adds the victim IP addresses to the protected IP list for TCP client verification. If TCP client

verification is enabled, the device provides proxy services for protected servers.

drop: Drops subsequent SYN packets destined for the protected IP address.

logging: Enables logging for SYN flood attack events. The log information records the detection interface,

victim IP address, MPLS L3VPN instance name, current packet statistics, prevention action, and start time

of the attack.