R0106-HP MSR Router Series Security Command Reference(V7)
Usage guidelines
The global threshold applies to SYN-ACK flood attack detection for non-specific IP addresses.
Adjust the threshold according to the application scenarios. If the number of SYN-ACK packets to a
protected server, such as an HTTP or FTP server, is normally large, set a large threshold. A small threshold
might affect the server services. For a network that is unstable or susceptible to attacks, set a small
threshold.
Examples
# Set the global threshold to 100 for triggering SYN-ACK flood attack prevention in attack defense policy
atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] syn-ack-flood threshold 100
Related commands
• syn-ack-flood action
• syn-ack-flood detect
• syn-ack-flood detect non-specific
syn-flood action
Use syn-flood action to specify global actions against SYN flood attacks.
Use undo syn-flood action to restore the default.
Syntax
syn-flood action { client-verify | drop | logging } *
undo syn-flood action
Default
No action is taken against detected SYN flood attacks.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
client-verify: Adds the victim IP addresses to the protected IP list for TCP client verification. If TCP client
verification is enabled, the device provides proxy services for protected servers.
drop: Drops subsequent SYN packets destined for the victim IP addresses.
logging: Enables logging for SYN flood attack events. The log information records the detection interface,
victim IP address, MPLS L3VPN instance name, current packet statistics, prevention actions, and start time
of the attack.
Usage guidelines
For SYN flood attack detection to work together with TCP client verification, two conditions must both
be met: the client-verify keyword is specified in this command, and TCP client verification is enabled.
To enable TCP client verification, use the client-verify tcp enable command.
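The collaboration described above, as an added example that is not part of the original reference. It assumes that atk-policy-1 already has SYN flood detection configured and is applied, that client-verify tcp enable is entered in interface view, and that GigabitEthernet 1/0/1 is a placeholder interface name.

```comware
# Assumption: atk-policy-1 already detects SYN floods and is applied on the device.
# Log SYN flood attack events and add the victim IP addresses to the protected IP list.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] syn-flood action logging client-verify
[Sysname-attack-defense-policy-atk-policy-1] quit
# Assumption: the view and the interface name below are illustrative.
# TCP client verification must be enabled for the device to provide proxy
# services for the addresses placed on the protected IP list.
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] client-verify tcp enable
```

With only the first half configured, victim addresses are added to the protected IP list but TCP client verification is not enabled, so the two features do not collaborate.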