Manualshelf

R0106-HP MSR Router Series Security Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR4060 Router Chassis
471472473474475476477478479480
459
Step Command Remarks
2. Enter attack defense policy
view.
attack-defense policy policy-name
N/A
3. Enable RST flood attack
detection for non-specific IP
addresses.
rst-flood detect non-specific
By default, RST flood attack detection
is disabled for non-specific IP
addresses.
4. Set the global trigger
threshold for RST flood attack
prevention.
rst-flood threshold threshold-value
By default, the global trigger
threshold is 1000 for RST flood
attack prevention.
5. Specify global actions
against RST flood attacks.
rst-flood action { client-verify |
drop | logging } *
By default, no global action is
specified for RST flood attacks.
6. Configure IP-specific RST
flood attack detection.
rst-flood detect { ip ip-address |
ipv6 ipv6-address } [ vpn-instance
vpn-instance-name ] [ threshold
threshold-value ] [ action
{ client-verify | drop | logging }
* ]
By default, RST flood attack detection
is not configured for any IP address.
Configuring an ICMP flood attack defense policy
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter attack defense policy
view.
attack-defense policy policy-name
N/A
3. Enable ICMP flood attack
detection for non-specific IP
addresses.
icmp-flood detect non-specific
By default, ICMP flood attack
detection is disabled for non-specific
IP addresses.
4. Set the global trigger
threshold for ICMP flood
attack prevention.
icmp-flood threshold
threshold-value
By default, the global trigger
threshold is 1000 for ICMP flood
attack prevention.
5. Specify global actions
against ICMP flood attacks.
icmp-flood action {drop |
logging } *
By default, no global action is
specified for ICMP flood attacks.
6. Configure IP-specific ICMP
flood attack detection.
icmp-flood detect ip ip-address
[ vpn-instance vpn-instance-name ]
[ threshold threshold-value ]
[ action { drop | logging } * ]
By default, ICMP flood attack
detection is not configured for any IP
address.
Configuring an ICMPv6 flood attack defense policy
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter attack defense policy
view.
attack-defense policy policy-name
N/A
3. Enable ICMPv6 flood attack
detection for non-specific IPv6
addresses.
icmpv6-flood detect non-specific
By default, ICMPv6 flood attack
detection is disabled for non-specific
IPv6 addresses.