Manualshelf

HP VPN Firewall Appliances Attack Protection Command Reference

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
61626364656667686970
56
last-ack: Specifies the LAST_ACK state of a TCP connection.
syn-received: Specifies the SYN_RECEIVED state of a TCP connection.
connection-number number: Specifies the maximum number of TCP connections in a certain state. The
argument number is in the range of 0 to 500.
Usage guidelines
You must enable the protection against Naptha attack before executing this command. Otherwise, an
error is prompted.
You can configure the maximum number of TCP connections in each state.
If the maximum number of TCP connections in a state is 0, the aging of TCP connections in this state is
not accelerated.
Examples
# Set the maximum number of TCP connections in ESTABLISHED state to 100.
<Sysname> system-view
[Sysname] tcp anti-naptha enable
[Sysname] tcp state established connection-number 100
Related commands
tcp anti-naptha enable
tcp syn-cookie enable
Use tcp syn-cookie enable to enable the SYN Cookie feature to protect the device against SYN Flood
attacks.
Use undo tcp syn-cookie enable to disable the SYN Cookie feature.
Syntax
tcp syn-cookie enable
undo tcp syn-cookie enable
Default
The SYN Cookie feature is enabled.
Views
System view
Default command level
2: System level
Examples
# Enable the SYN Cookie feature.
<Sysname> system-view
[Sysname] tcp syn-cookie enable
tcp timer check-state
Use tcp timer check-state to configure the TCP connection state check interval.