Manualshelf

R0106-HP MSR Router Series Security Command Reference(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router
651652653654655656657658659660
641
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] scan detect level low action logging
block-source timeout 10
Related commands
blacklist enable
blacklist global enable
signature { large-icmp | large-icmpv6 } max-length
Use signature { large-icmp | large-icmpv6 } max-length to set the maximum length of safe ICMP or
ICMPv6 packets. A large ICMP or ICMPv6 attack occurs if an ICMP or ICMPv6 packet larger than the
specified length is detected.
Use undo signature { large-icmp | large-icmpv6 } max-length to restore the default.
Syntax
signature { large-icmp | large-icmpv6 } max-length length
undo signature { large-icmp | large-icmpv6 } max-length
Default
The maximum length of safe ICMP or ICMPv6 packets is 4000 bytes.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
large-icmp: Specifies large ICMP packet attack signature.
large-icmpv6: Specifies large ICMPv6 packet attack signature.
length: Specifies the maximum length of safe ICMP or ICMPv6 packets, in bytes. The value range for
ICMP packet is 28 to 65534. The value range for ICMPv6 packet is 48 to 65534.
Examples
# Set the maximum length of safe ICMP packets for large ICMP attack to 50000 bytes.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] signature large-icmp max-length 50000
Related commands
signature detect
signature detect
Use signature detect to configure signature detection for single-packet attacks.
Use undo signature detect to remove the signature detection configuration for single-packet attacks.