R0106-HP MSR Router Series Security Command Reference(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR2003 AC Router

661

662

663

664

665

666

667

668

669

670

655

Parameters

ip ip-address: Specifies the IPv4 address to be protected. The ip-address argument cannot be all 1s or 0s.

ipv6 ipv6-address: Specifies the IPv6 address to be protected. The ipv6-address argument cannot be a

multicast address or all 0s.

vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the protected IP address

belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Do not specify

this option if the protected IP address is on the public network.

threshold threshold-value: Sets the threshold for triggering UDP flood attack prevention. The value range

is 1 to 64000 in units of UDP packets sent to the specified IP address per second.

action: Specifies the actions when a UDP flood attack is detected. If no action is specified, the global

actions set by the udp-flood action command apply.

drop: Drops subsequent UDP packets destined for the protected IP address.

logging: Enables logging for UDP flood attack events. The log information records the detection interface,

victim IP address, MPLS L3VPN instance name, current packet statistics, prevention action, and start time

of the attack.

Usage guidelines

You can configure UDP flood attack detection for multiple IP addresses in one attack defense policy.

With UDP flood attack detection configured, the device is in attack detection state. An attack occurs

when the device detects that the sending rate of UDP packets to a protected IP address reaches or

exceeds the threshold. The device enters prevention state and takes actions to protect the target IP

address. When the rate is below the silence threshold (three-fourths of the threshold), the device

considers that the threat is over and returns to the attack detection state.

Examples

# Configure UDP flood attack detection for 192.168.1.2 in attack defense policy atk-policy-1.

<Sysname> system-view

[Sysname] attack-defense policy atk-policy-1

[Sysname-attack-defense-policy-atk-policy-1] udp-flood detect ip 192.168.1.2 threshold

2000

Related commands

• udp-flood action

• udp-flood detect non-specific

• udp-flood threshold

udp-flood detect non-specific

Use udp-flood detect non-specific to enable UDP flood attack detection for non-specific IP addresses.

Use undo udp-flood detect non-specific to restore the default.

Syntax

udp-flood detect non-specific

undo udp-flood detect non-specific

Default

UDP flood attack detection is not enabled for non-specific IP addresses.