Manualshelf

R0106-HP MSR Router Series Security Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR4060 Router Chassis
471472473474475476477478479480
460
Step Command Remarks
4. Set the global trigger
threshold for ICMPv6 flood
attack prevention.
icmpv6-flood threshold
threshold-value
By default, the global trigger
threshold is 1000 for ICMPv6 flood
attack prevention.
5. Specify global actions
against ICMPv6 flood
attacks.
icmpv6-flood action { drop |
logging } *
By default, no global action is
specified for ICMPv6 flood attacks.
6. Configure IP-specific ICMPv6
flood attack detection.
icmpv6-flood detect ipv6
ipv6-address [ vpn-instance
vpn-instance-name ] [ threshold
threshold-value ] [ action { drop |
logging } * ]
By default, ICMPv6 flood attack
detection is not configured for any
IPv6 address.
Configuring a UDP flood attack defense policy
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter attack defense policy
view.
attack-defense policy policy-name
N/A
3. Enable UDP flood attack
detection for non-specific IP
addresses.
udp-flood detect non-specific
By default, UDP flood attack
detection is disabled for non-specific
IP addresses.
4. Set the global trigger
threshold for UDP flood attack
prevention.
udp-flood threshold
threshold-value
By default, the global trigger
threshold is 1000 for UDP flood
attack prevention.
5. Specify global actions
against UDP flood attacks.
udp-flood action { drop | logging }
*
By default, no global action is
specified for UDP flood attacks.
6. Configure IP-specific UDP
flood attack detection.
udp-flood detect { ip ip-address |
ipv6 ipv6-address } [ vpn-instance
vpn-instance-name ] [ threshold
threshold-value ] [ action
{ client-verify | drop | logging }
* ]
By default, UDP flood attack
detection is not configured for any IP
address.
Configuring a DNS flood attack defense policy
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter attack defense policy
view.
attack-defense policy policy-name
N/A
3. Enable DNS flood attack
detection for non-specific IP
addresses.
dns-flood detect non-specific
By default, DNS flood attack
detection is disabled for non-specific
IP addresses.
4. Set the global trigger
threshold for DNS flood
attack prevention.
dns-flood threshold
threshold-value
By default, the global trigger
threshold is 1000 for DNS flood
attack prevention.