Manualshelf

R0106-HP MSR Router Series Security Command Reference(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR2003 AC Router
661662663664665666667668669670
654
Syntax
udp-flood action { drop | logging } *
undo udp-flood action
Default
No action is taken against detected UDP flood attacks.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
drop: Drops subsequent UDP packets destined for the victim IP addresses.
logging: Enables logging for UDP flood attack events. The log information records the detection interface,
victim IP address, MPLS L3VPN instance name, current packet statistics, prevention actions, and start time
of the attack.
Examples
# Specify drop as the global action against UDP flood attacks in attack defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] udp-flood action drop
Related commands
udp-flood detect
udp-flood detect non-specific
udp-flood threshold
udp-flood detect
Use udp-flood detect to configure IP-specific UDP flood attack detection.
Use undo udp-flood detect to remove the UDP flood attack detection configuration for an IP address.
Syntax
udp-flood detect { ip ip-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] [ threshold
threshold-value ] [ action { drop | logging } * ]
undo udp-flood detect { ip ip-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ]
Default
UDP flood attack detection is not configured for any IP address.
Views
Attack defense policy view
Predefined user roles
network-admin