HP VPN Firewall Appliances Attack Protection Command Reference
Examples
# Enable ICMP flood attack protection for IP address 192.168.1.2, and set the action threshold to 2000
packets per second and the silence threshold to 1000 packets per second.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] defense icmp-flood ip 192.168.1.2 rate-threshold high 2000 low 1000
Related commands
• defense icmp-flood action drop-packet
• defense icmp-flood enable
• display attack-defense policy
defense icmp-flood rate-threshold
Use defense icmp-flood rate-threshold to configure the global action and silence thresholds for ICMP
flood attack protection. The device uses the global attack protection thresholds to protect IP addresses for
which you do not specifically configure attack protection parameters.
Use undo defense icmp-flood rate-threshold to restore the default.
Syntax
defense icmp-flood rate-threshold high rate-number [ low rate-number ]
undo defense icmp-flood rate-threshold
Default
The global action threshold is 1000 packets per second and the global silence threshold is 750 packets
per second.
Views
Attack protection policy view
Default command level
2: System level
Parameters
high rate-number: Sets the global action threshold for ICMP flood attack protection. The rate-number
argument indicates the number of ICMP packets sent to an IP address per second and is in the range of
from 1 to 64000. With ICMP flood attack protection enabled, the device enters attack detection state. When the
device detects that the sending rate of ICMP packets destined for an IP address constantly reaches or
exceeds the specified action threshold, the device considers the IP address to be under attack, enters
attack protection state, and takes protection actions as configured.
low rate-number: Sets the global silence threshold for ICMP flood attack protection. The rate-number
argument indicates the number of ICMP packets sent to an IP address per second and is in the range of
from 1 to 64000. When the device is in attack protection state, if it detects that the sending rate of ICMP
packets destined for an IP address drops below the silence threshold, it considers that the attack on the
IP address is over, returns to attack detection state, and stops the protection actions.
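The following is an added illustration, not part of the HP reference or the device software: a small Python model of the two-threshold behavior described above, showing how the gap between the action and silence thresholds keeps an address in protection state until the rate has clearly dropped. The class and function names, the address 192.168.1.3, and the sample rates are constructed, and the model assumes one rate sample per second with a state change on a single sample, because the reference does not say how long the rate must "constantly" hold.

```python
from dataclasses import dataclass, field

DETECTION, PROTECTION = "detection", "protection"

@dataclass
class IcmpFloodPolicy:
    # Global defaults stated in the reference: action 1000 pps, silence 750 pps.
    global_high: int = 1000
    global_low: int = 750
    per_ip: dict = field(default_factory=dict)   # ip -> (high, low)
    state: dict = field(default_factory=dict)    # ip -> current state

    def thresholds(self, ip):
        # IP-specific thresholds win; every other address uses the global pair.
        return self.per_ip.get(ip, (self.global_high, self.global_low))

    def observe(self, ip, pps):
        """Feed one per-second ICMP rate sample for a destination IP."""
        high, low = self.thresholds(ip)
        current = self.state.get(ip, DETECTION)
        if current == DETECTION and pps >= high:
            current = PROTECTION      # reaches or exceeds the action threshold
        elif current == PROTECTION and pps < low:
            current = DETECTION       # drops below the silence threshold
        self.state[ip] = current
        return current

def run(policy, ip, samples):
    """Return the state after each sample, in order."""
    return [policy.observe(ip, pps) for pps in samples]

# Constructed sample rates in packets per second, not captured traffic.
SAMPLES = [400, 1200, 900, 800, 749, 990, 1000]

def demo():
    # 192.168.1.2 carries the IP-specific thresholds from the earlier example
    # (high 2000, low 1000); 192.168.1.3 is a constructed address with no
    # specific configuration, so the global thresholds apply to it.
    policy = IcmpFloodPolicy(per_ip={"192.168.1.2": (2000, 1000)})
    return {
        "192.168.1.3": run(policy, "192.168.1.3", SAMPLES),
        "192.168.1.2": run(policy, "192.168.1.2", SAMPLES),
    }

if __name__ == "__main__":
    for ip, states in demo().items():
        print(ip, states)
```

With the same traffic, the address on global thresholds stays in protection state through the 900 and 800 pps samples and leaves it only at 749 pps, while the address with the higher IP-specific action threshold never enters protection state.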
Usage guidelines
Adjust the thresholds according to the actual network conditions. Typically, ICMP traffic is smaller than
TCP traffic and UDP traffic. You can set a smaller action threshold for ICMP flood protection. If the link