R0106-HP MSR Router Series Security Command Reference(V7)
646
Default
Signature detection is disabled for all levels of single-packet attacks.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
high: Specifies the high level. None of the currently supported single-packet attacks belongs to this level.
info: Specifies the informational level. For example, large ICMP packet attack is of this level.
low: Specifies the low level. For example, the traceroute attack is of this level.
medium: Specifies the medium level. For example, the WinNuke attack is of this level.
Usage guidelines
According to their severity, single-packet attacks fall into four levels: info, low, medium, and high.
If you enable the level-specific signature detection for single-packet attacks, the signature detection is
enabled for all single-packet attacks of the level. If you enable the signature detection for a single-packet
attack by using the signature detect command, action parameters in the signature detect command take
effect.
Use the signature level action command to specify the actions against single-packet attacks of a specific
level. To display the level to which a single-packet attack belongs, use the display attack-defense policy
command.
Examples
# Enable signature detection for informational level single-packet attacks in attack defense policy
atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] signature level info detect
Related commands
• display attack-defense policy
• signature detect
• signature level action
syn-ack-flood action
Use syn-ack-flood action to specify global actions against SYN-ACK flood attacks.
Use undo syn-ack-flood action to restore the default.
Syntax
syn-ack-flood action { client-verify | drop | logging } *
undo syn-ack-flood action
Default
No action is taken against detected SYN-ACK flood attacks.