HP VPN Firewall Appliances Attack Protection Command Reference

defense dns-flood rate-threshold
Use defense dns-flood rate-threshold to configure the global action and global silence thresholds for
DNS flood attack protection. The device uses the global attack protection thresholds to protect IP
addresses for which you do not specifically configure attack protection parameters.
Use undo defense dns-flood rate-threshold to restore the default.
Syntax
defense dns-flood rate-threshold high rate-number [ low rate-number ]
undo defense dns-flood rate-threshold
Default
The global action threshold is 1000 packets per second, and the global silence threshold is 750 packets
per second.
Views
Attack protection policy view
Default command level
2: System level
Parameters
high rate-number: Sets the global action threshold for attack protection. The rate-number argument
indicates the number of DNS packets sent to the specified IP address per second and is in the range of
1 to 64000. With DNS flood attack protection enabled, the device enters attack detection state.
When the device detects that the sending rate of DNS packets destined for the specified IP address
constantly reaches or exceeds the specified action threshold, the device considers the IP address to be
under attack, enters attack protection state, and takes protection actions as configured.
low rate-number: Sets the global silence threshold for DNS flood attack protection. The rate-number
argument indicates the number of DNS packets sent to an IP address per second and is in the range of
1 to 64000. When the device is in attack protection state, if it detects that the sending rate of DNS
packets destined for an IP address drops below the silence threshold, it considers that the attack to the
IP address is over, returns to attack detection state, and stops the protection actions.
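The two states described above behave as a hysteresis loop: the action threshold moves an IP address into attack protection state, and only the lower silence threshold moves it back. The following is an added illustration of that logic, not HP device code; the per-second packet counts and the function names are constructed for the example, and it assumes a single second at or above the action threshold is enough to trigger protection, since the page gives no hold time.

```python
# Added illustration, not HP device code: a minimal hysteresis state machine
# modelling how the global action threshold ("high") and silence threshold
# ("low") of defense dns-flood rate-threshold drive the two documented states.
# Per-second packet counts are constructed sample input.

DETECTION = "attack detection"
PROTECTION = "attack protection"


def check_threshold(name, value):
    """Enforce the documented rate-number range of 1 to 64000."""
    if not 1 <= value <= 64000:
        raise ValueError(f"{name} rate-number {value} out of range 1-64000")


def dns_flood_states(rates_per_second, high=1000, low=750):
    """Walk per-second DNS packet rates destined for one IP address.

    Returns (states, transitions): the state in force during each second,
    and a list of (second, rate, event) tuples for each state change.
    Defaults match the command's global defaults (1000 / 750 pps).
    Assumption: the page gives no hold time for "constantly reaches", so a
    single second at or above the action threshold triggers protection.
    """
    check_threshold("high", high)
    check_threshold("low", low)
    state = DETECTION
    states, transitions = [], []
    for second, rate in enumerate(rates_per_second):
        if state == DETECTION and rate >= high:
            state = PROTECTION          # action threshold reached: protect
            transitions.append((second, rate, "enter attack protection"))
        elif state == PROTECTION and rate < low:
            state = DETECTION           # dropped below silence threshold
            transitions.append((second, rate, "return to attack detection"))
        # Rates between low and high keep the current state (hysteresis),
        # so a rate hovering around the action threshold does not toggle
        # the protection action on and off every second.
        states.append(state)
    return states, transitions


# Constructed sample: a burst that peaks at 3500 pps and then fades.
SAMPLE_RATES = [200, 900, 1200, 3500, 2000, 900, 1100, 700, 300]

if __name__ == "__main__":
    for high, low in ((1000, 750), (3000, 1000)):
        _, events = dns_flood_states(SAMPLE_RATES, high, low)
        print(f"high {high} low {low}: {events}")
```

With the defaults, second 5 (900 pps) sits between the two thresholds and stays in attack protection state; with the page's example values of 3000/1000 the same second is what ends the protection.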
Usage guidelines
Adjust the thresholds according to the actual network conditions. Typically, if the DNS traffic is large, set
a larger global action threshold. If the network conditions are poor and the network is sensitive to attack
traffic, set a smaller global action threshold. If the link bandwidth of the protected network is small, set a
smaller silence threshold to help relieve the traffic pressure.
Examples
# Set the global action threshold to 3000 packets per second and the global silence threshold to 1000
packets per second for DNS flood attack.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] defense dns-flood rate-threshold high 3000 low 1000
Related commands
defense dns-flood enable