R0106-HP MSR Router Series Security Configuration Guide(V7)
474
SYN-ACK flood 1000(default) - - Disabled
RST flood 1000(default) - - Disabled
FIN flood 1000(default) - - Disabled
UDP flood 1000(default) - - Disabled
ICMP flood 1000(default) - - Disabled
ICMPv6 flood 1000(default) - - Disabled
DNS flood 1000(default) - 53 Disabled
HTTP flood 1000(default) - 80 Disabled
Flood attack defense for protected IP addresses:
Address VPN instance Flood type Thres(pps) Actions Ports
10.1.1.2 -- SYN-FLOOD 5000 L,D -
# Verify that the attack detection and prevention takes effect on GigabitEthernet 2/1/2.
<Router> display attack-defense statistics interface gigabitethernet 2/1/2
Attack policy name: a1
Scanning attack defense statistics:
AttackType AttackTimes Dropped
Port scan 2 0
IP sweep 3 0
Distribute port scan 1 0
Flood attack defense statistics:
AttackType AttackTimes Dropped
SYN flood 1 5000
Signature attack defense statistics:
AttackType AttackTimes Dropped
Smurf 1 0
# Verify that the IPv4 blacklist function collaborates with the scanning attack detection.
[Router] display blacklist ip
IP address VPN instance DS-Lite tunnel peer Type TTL(sec) Dropped
5.5.5.5 -- -- Dynamic 600 353452
Blacklist function configuration example
Network requirements
As shown in Figure 143, configure the blacklist function on Router to block packets from the attacker Host
D permanently and from Host C for 50 minutes.
Figure 143 Network diagram