Manualshelf

HP VPN Firewall Appliances Attack Protection Command Reference

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
21222324252627282930
22
192.168.2.1 2000 1000
Table 1 Command output
Filed Descri
p
tion
Policy number Sequence number of the attack protection policy.
Bound zones Security zones to which the attack protection policy is applied.
Smurf attack-defense Whether Smurf attack protection is enabled.
ICMP redirect attack-defense Whether ICMP redirect attack protection is enabled.
ICMP unreachable attack-defense Whether ICMP unreachable attack protection is enabled.
Large ICMP attack-defense Whether large ICMP attack protection is enabled.
Max-length Maximum length allowed for an ICMP packet.
TCP flag attack-defense Whether TCP flag attack protection is enabled.
Tracert attack-defense Whether tracert attack protection is enabled.
Fraggle attack-defense Whether Fraggle attack protection is enabled.
WinNuke attack-defense Whether WinNuke attack protection is enabled.
LAND attack-defense Whether Land attack protection is enabled.
Source route attack-defense Whether Source Route attack protection is enabled.
Route record attack-defense Whether Route Record attack protection is enabled.
Scan attack-defense Whether scanning attack protection is enabled.
Add to blacklist
Whether the blacklist function is enabled for scanning attack
protection.
Blacklist timeout Aging time of the blacklist entries.
Max-rate Threshold for the connection establishment rate.
Signature-detect action
Action to be taken when a single-packet attack is detected. It
can be Drop-packet (dropping subsequent packets) or Syslog
(outputting an alarm log).
DNS flood attack-defense Whether DNS flood attack protection is enabled.
DNS flood high-rate Global action threshold for DNS flood attack protection.
DNS flood low-rate Global silence threshold for DNS flood attack protection.
DNS flood attack on IP DNS flood attack protection settings for specific IP addresses.
ICMP flood attack-defense Whether ICMP flood attack protection is enabled.
ICMP flood action
Action to be taken when an ICMP flood attack is detected. It can
be Drop-packet (dropping subsequent packets) or Syslog
(outputting an alarm log).
ICMP flood high-rate Global action threshold for ICMP flood attack protection.
ICMP flood low-rate Global silence threshold for ICMP flood attack protection.
ICMP flood attack-defense for specific IP
addresses
ICMP flood attack protection settings for specific IP addresses.
UDP flood attack-defense Whether UDP flood attack is enabled.