Manualshelf

HP VPN Firewall Appliances Attack Protection Command Reference

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
11121314151617181920
8
Examples
# Enable ICMP flood attack protection in attack protection policy 1.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] defense icmp-flood enable
Related commands
defense icmp-flood action drop-packet
defense icmp-flood ip
defense icmp-flood rate-threshold
display attack-defense policy
defense icmp-flood ip
Use defense icmp-flood ip to configure the action and silence thresholds for ICMP flood attack protection
of a specific IP address.
Use undo defense icmp-flood ip to remove the configuration.
Syntax
defense icmp-flood ip ip-address rate-threshold high rate-number [ low rate-number ]
undo defense icmp-flood ip ip-address [ rate-threshold ]
Default
No ICMP flood attack protection thresholds are configured for an IP address.
Views
Attack protection policy view
Default command level
2: System level
Parameters
ip-address: Specifies the IP address to be protected. This IP address cannot be a broadcast address,
127.0.0.0/8, a class D address, or a class E address.
high rate-number: Sets the action threshold for ICMP flood attack protection of the specified IP address.
The rate-number argument indicates the number of ICMP packets sent to the specified IP address per
second and is in the range of from 1 to 64000. With the ICMP flood attack protection enabled, the
device enters attack detection state. When the device detects that the sending rate of ICMP packets
destined for the specified IP address constantly reaches or exceeds the specified action threshold, the
device considers the IP address to be under attack, enters attack protection state, and takes protection
actions as configured.
low rate-number: Sets the silence threshold for ICMP flood attack protection of the specified IP address.
The rate-number argument indicates the number of ICMP packets sent to the specified IP address per
second and is in the range of from 1 to 64000. The default value of the silence threshold is 3/4 of the
action threshold. When the device is in attack protection state, if it detects that the sending rate of ICMP
packets destined for the specified IP address drops below the silence threshold, it considers that the
attack is over, returns to attack detection state, and stops the protection actions.