R0106-HP MSR Router Series Security Configuration Guide(V7)

Task                                                      Command
Clear blacklist statistics.                               reset blacklist statistics
Clear protected IP statistics for client verification.    reset client-verify { dns | http | tcp } protected { ip | ipv6 } statistics
Clear the trusted IP list for client verification.        reset client-verify { dns | http | tcp } trusted { ip | ipv6 }

Attack detection and prevention configuration examples

Interface-based attack detection and prevention configuration example

Network requirements
As shown in Figure 142, Router is the gateway for the internal network. GigabitEthernet 2/1/2 connects
to the external network, and GigabitEthernet 2/1/3 connects to an internal server.
To protect the internal hosts and internal server against scanning attacks and smurf attacks, configure an
attack defense policy to meet the following requirements:
• Configure low-level scanning attack detection. Configure the device to log scanning attacks and keep the attackers' IP addresses on the blacklist for 10 minutes.
• Configure signature detection for smurf attack, and configure the device to log smurf attacks.
To protect the internal server against SYN flood attacks, configure another attack defense policy to meet
the following requirements:
• Set the attack prevention triggering threshold to 5000 packets per second.
• Specify the prevention action as packet dropping and logging.
Figure 142 Network diagram
Configuration procedure
# Configure IP addresses for the interfaces on Router. (Details not shown.)