R0106-HP MSR Router Series Security Command Reference(V7)
577
Field Descri
p
tion
Actions
Prevention actions against the single-packet attack:
• L—Logging.
• D—Dropping packets.
• N—No action.
Scan attack defense
configuration
Configuration information about scanning attack detection and prevention.
Defense Whether attack detection is enabled.
Level Level of the scanning attack detection, low, medium, or high.
Actions
Prevention actions against the scanning attack:
• BS—Blocking sources.
• D—Dropping packets.
• L—Logging.
Flood attack defense
configuration
Configuration information about flood attack detection and prevention.
Flood type
Type of the flood attack:
• ACK flood.
• DNS flood.
• FIN flood.
• ICMP flood.
• ICMPv6 flood.
• SYN flood.
• SYN-ACK flood.
• UDP flood.
• RST flood.
• HTTP flood.
Global thres (pps)
Global threshold for triggering the flood attack prevention, in units of
packets sent to an IP address per second. The default is 1000 pps.
Global actions
Global prevention actions against the flood attack:
• D—Dropping packets.
• L—Logging.
• CV—Client verification.
• -—Not configured.
Service ports
Ports that are protected against the flood attack. This field is displays port
numbers only for the DNS and HTTP flood attacks. For other flood attacks,
this field displays a hyphen (-).
Non-specific Whether the flood attack detection is enabled for non-specific IP addresses.
Flood attack defense for
protected IP addresses
Configuration information about IP-specific flood attack detection and
prevention.
Address Protected IP address.
VPN instance
MPLS L3VPN instance to which the protected IP address belongs. If no MPLS
L3VPN instance is specified, this field displays a hyphen (-).