R0106-HP MSR Router Series Security Command Reference(V7)
Usage guidelines
You can configure SYN flood attack detection for multiple IP addresses in one attack defense policy.
With SYN flood attack detection configured, the device starts in attack detection state. The device
considers an attack to be under way when it detects that the sending rate of SYN packets to a
protected IP address reaches or exceeds the threshold. It then enters prevention state and takes
actions to protect the target IP address. When the rate falls below the silence threshold
(three-fourths of the threshold), the device considers the threat to be over and returns to the
attack detection state.
Examples
# Configure SYN flood attack detection for 192.168.1.2 in attack defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] syn-flood detect ip 192.168.1.2 threshold 2000
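The state transitions described in the usage guidelines, modelled with the threshold of 2000 from the example above. This is an added Python illustration, not HP's implementation or part of the original reference; the class and function names and the sample rates are constructed, and each sample is assumed to be in the same unit as the configured threshold.

```python
# Added illustration of the detection/prevention hysteresis; not device code.
# All names and sample values below are constructed for this example.
from fractions import Fraction

DETECTION, PREVENTION = "detection", "prevention"


class SynFloodMonitor:
    """Tracks the state for one protected IP address."""

    def __init__(self, threshold):
        self.threshold = threshold
        # The silence threshold is three-fourths of the trigger threshold.
        self.silence = Fraction(3, 4) * threshold
        self.state = DETECTION

    def observe(self, syn_rate):
        """Feed one SYN-rate sample and return the resulting state."""
        if self.state == DETECTION and syn_rate >= self.threshold:
            # Rate reaches or exceeds the threshold: start protecting the IP.
            self.state = PREVENTION
        elif self.state == PREVENTION and syn_rate < self.silence:
            # Rate is strictly below the silence threshold: threat is over.
            self.state = DETECTION
        return self.state


def trace(threshold, rates):
    """Return the state after each sample, starting from detection state."""
    monitor = SynFloodMonitor(threshold)
    return [monitor.observe(rate) for rate in rates]


# Constructed samples chosen to hit both boundaries (2000 and 1500).
SAMPLE_RATES = [500, 1999, 2000, 1800, 1500, 1499, 1800]

if __name__ == "__main__":
    for rate, state in zip(SAMPLE_RATES, trace(2000, SAMPLE_RATES)):
        print(f"{rate:>5} -> {state}")
```

A rate of 1800 leaves the device in whichever state it was already in: it is too low to trigger prevention but too high to end it, which prevents flapping when traffic hovers near the threshold.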
Related commands
• syn-flood action
• syn-flood detect non-specific
• syn-flood threshold
syn-flood detect non-specific
Use syn-flood detect non-specific to enable SYN flood attack detection for non-specific IP addresses.
Use undo syn-flood detect non-specific to restore the default.
Syntax
syn-flood detect non-specific
undo syn-flood detect non-specific
Default
SYN flood attack detection is not enabled for non-specific IP addresses.
Views
Attack defense policy view
Predefined user roles
network-admin
Usage guidelines
This command enables global SYN flood attack detection. It applies to all IP addresses except for those
specified by the syn-flood detect command. The system uses the global trigger threshold set by the
syn-flood threshold command and global actions specified by the syn-flood action command.
Examples
# Enable SYN flood attack detection for non-specific IP addresses in attack defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] syn-flood detect non-specific