HP VPN Firewall Appliances Attack Protection Command Reference

undo defense scan max-rate
Views
Attack protection policy view
Default command level
2: System level
Parameters
rate-number: Specifies the threshold of the connection establishment rate (number of connections
established in a second) that triggers scanning attack protection, in the range of 1 to 10000.
Usage guidelines
With scanning attack protection enabled, the device checks the connection establishment rate per IP address. If the
connection rate of an IP address reaches or exceeds the threshold, the device considers that IP address a
scanning attack source, outputs an attack alarm log, and, depending on your configuration, can add the IP address
to the blacklist. Subsequent packets from the blacklisted IP address are dropped.
Examples
# Enable scanning attack protection.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] defense scan enable
# Set the connection rate threshold for triggering scanning attack protection to 2000 connections per second.
[Sysname-attack-defense-policy-1] defense scan max-rate 2000
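The per-IP rate check described in the usage guidelines, modelled in Python as an added example (not the device's own code): connection records are constructed inline, the threshold follows the rate-number range, and the blacklist behaviour (add-to-blacklist and timeout) is an assumed simplification of the related commands.

```python
from collections import defaultdict

# Constructed sample of (second, source IP) connection attempts, in time order.
# 10.0.0.5 opens 2000 connections in second 1 (threshold reached) and keeps
# connecting in second 2; 10.0.0.9 is a quiet client that stays under the rate.
SAMPLE_EVENTS = (
    [(1, "10.0.0.5")] * 2000
    + [(1, "10.0.0.9")] * 3
    + [(2, "10.0.0.5")] * 5
    + [(2, "10.0.0.9")] * 2
    + [(61, "10.0.0.5")]      # after the assumed 60 s timeout: allowed again
)


def scan_protect(events, max_rate, add_to_blacklist=True, blacklist_timeout=60):
    """Model of scanning attack protection.

    max_rate is the connections-per-second threshold (rate-number, 1..10000).
    Returns (alarms, dropped): alarms is a list of (second, ip) for which an
    attack alarm would be logged; dropped counts packets discarded because
    the source was blacklisted. Timeout is in seconds (assumed value).
    """
    if not 1 <= max_rate <= 10000:
        raise ValueError("rate-number must be in the range 1 to 10000")
    counts = defaultdict(int)   # (second, ip) -> connections in that second
    blacklist = {}              # ip -> second at which the entry expires
    alarms, dropped = [], 0
    for second, ip in events:
        expires = blacklist.get(ip)
        if expires is not None:
            if second < expires:
                dropped += 1    # blacklisted source: packet dropped
                continue
            del blacklist[ip]   # entry aged out, resume checking normally
        counts[(second, ip)] += 1
        if counts[(second, ip)] == max_rate:   # threshold reached: alarm once
            alarms.append((second, ip))
            if add_to_blacklist:
                blacklist[ip] = second + blacklist_timeout
    return alarms, dropped
```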
Related commands
blacklist enable
defense scan add-to-blacklist
defense scan blacklist-timeout
defense scan enable
defense syn-flood action
Use defense syn-flood action to specify the actions to be taken in response to SYN flood attack packets.
Use undo defense syn-flood action to restore the default.
Syntax
defense syn-flood action { drop-packet | trigger-tcp-proxy }
undo defense syn-flood action
Default
The device only outputs alarm logs when detecting an attack.
Views
Attack protection policy view
Default command level
2: System level