HP VPN Firewall Appliances Attack Protection Command Reference
defense dns-flood ip
Use defense dns-flood ip to configure the action and silence thresholds for DNS flood attack protection
of a specific IP address.
Use undo defense dns-flood ip to remove the configuration.
Syntax
defense dns-flood ip ip-address rate-threshold high rate-number [ low rate-number ]
undo defense dns-flood ip ip-address [ rate-threshold ]
Default
No DNS flood attack protection thresholds are configured for an IP address.
Views
Attack protection policy view
Default command level
2: System view
Parameters
ip-address: Specifies the protected IP address. This IP address cannot be a broadcast address,
127.0.0.0/8, a class D address, or a class E address.
high rate-number: Sets the action threshold for DNS flood attack protection for a specific IP address. The
rate-number argument indicates the number of DNS packets sent to the specified IP address per second
and is in the range of 1 to 64000. With DNS flood attack protection enabled, the device enters the
attack detection state. When the device detects that the sending rate of DNS packets destined for the
specified IP address constantly reaches or exceeds the specified action threshold, the device considers
the IP address to be under attack, enters the attack protection state, and takes the protection actions as
configured.
low rate-number: Sets the silence threshold for DNS flood attack protection for a specific IP address. The
rate-number argument indicates the number of DNS packets sent to the IP address per second and is in
the range of 1 to 64000. The default value is 3/4 of the global action threshold. When the device is in the
attack protection state, if it detects that the sending rate of DNS packets destined for the IP address drops
below the silence threshold, it considers that the attack on the IP address is over, returns to the attack
detection state, and stops the protection actions. If you do not specify this option, the global silence
threshold is 3/4 of the global action threshold.
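The two-threshold behaviour described above (action threshold to enter the attack protection state, lower silence threshold to leave it) is a hysteresis state machine. The following Python model is an added example and is not HP code or the device's implementation; it assumes that "constantly reaches or exceeds" means a configurable number of consecutive one-second samples (the reference does not say how many), that a single sample below the silence threshold ends the attack, and that only the limited broadcast address 255.255.255.255 can be rejected as "a broadcast address" without knowing the subnet mask. The per-IP rates fed in are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# rate-number bounds taken from the command reference.
RATE_MIN, RATE_MAX = 1, 64000


def validate_protected_ip(text: str) -> ipaddress.IPv4Address:
    """Reject the address classes the reference says cannot be protected:
    broadcast, 127.0.0.0/8, class D (multicast) and class E (reserved)."""
    addr = ipaddress.IPv4Address(text)
    # Assumption: only the limited broadcast address is checkable here;
    # directed broadcasts depend on the interface subnet mask.
    if addr == ipaddress.IPv4Address("255.255.255.255"):
        raise ValueError(f"{addr}: broadcast address")
    if addr in ipaddress.IPv4Network("127.0.0.0/8"):
        raise ValueError(f"{addr}: loopback range 127.0.0.0/8")
    if addr.is_multicast:                                   # class D, 224.0.0.0/4
        raise ValueError(f"{addr}: class D (multicast) address")
    if addr in ipaddress.IPv4Network("240.0.0.0/4"):        # class E
        raise ValueError(f"{addr}: class E (reserved) address")
    return addr


def is_protectable(text: str) -> bool:
    """Boolean wrapper around validate_protected_ip()."""
    try:
        validate_protected_ip(text)
        return True
    except ValueError:
        return False


@dataclass
class DnsFloodGuard:
    """Per-IP DNS flood protection state: 'detection' or 'protection'."""
    ip: str
    high: int                      # action threshold (DNS packets/s)
    low: Optional[int] = None      # silence threshold; defaults to 3/4 of high
    sustain: int = 3               # assumed: consecutive seconds >= high needed
    state: str = "detection"
    _over: int = field(default=0, repr=False)   # consecutive samples >= high

    def __post_init__(self) -> None:
        validate_protected_ip(self.ip)
        if not RATE_MIN <= self.high <= RATE_MAX:
            raise ValueError(f"high {self.high} outside {RATE_MIN}..{RATE_MAX}")
        if self.low is None:
            self.low = self.high * 3 // 4      # 3/4 of the action threshold
        if not RATE_MIN <= self.low <= RATE_MAX:
            raise ValueError(f"low {self.low} outside {RATE_MIN}..{RATE_MAX}")
        if self.low > self.high:
            # Assumed sanity check: a silence threshold above the action
            # threshold would release protection while still under attack.
            raise ValueError("silence threshold must not exceed action threshold")

    def observe(self, rate: int) -> str:
        """Feed one 1-second count of DNS packets sent to self.ip; return the new state."""
        if self.state == "detection":
            if rate >= self.high:
                self._over += 1
                if self._over >= self.sustain:
                    self.state = "protection"   # attack confirmed: act as configured
            else:
                self._over = 0                  # burst was not sustained
        else:
            # In protection state only the silence threshold matters: a rate
            # between low and high keeps the protection actions in place.
            if rate < self.low:
                self.state = "detection"
                self._over = 0
        return self.state


def run(guard: DnsFloodGuard, rates: List[int]) -> List[Tuple[int, int, str]]:
    """Replay per-second rates through the guard; return (second, rate, state)."""
    return [(t, r, guard.observe(r)) for t, r in enumerate(rates, start=1)]


if __name__ == "__main__":
    # Constructed sample: the thresholds from the page's own example (2000/1000).
    guard = DnsFloodGuard("192.168.1.2", high=2000, low=1000)
    for second, rate, state in run(guard, [500, 2100, 2500, 3000, 1500, 900, 400]):
        print(f"t={second}s rate={rate:5d} pps -> {state}")
```

Second 5 in the replay is the point the two thresholds exist for: the rate has fallen below the action threshold but not below the silence threshold, so the device stays in the protection state instead of flapping between states on every fluctuation of the attack rate.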
Examples
# Enable DNS flood attack protection for IP address 192.168.1.2, and set the action threshold to 2000
packets per second and the silence threshold to 1000 packets per second.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] defense dns-flood ip 192.168.1.2 rate-threshold high 2000 low 1000
Related commands
defense dns-flood enable