Manualshelf

HP VPN Firewall Appliances Attack Protection Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
41424344454647484950
38
Ste
p
Command
Remarks
5. Configure the global action
and silence thresholds for
ICMP flood attack
protection.
defense icmp-flood rate-threshold
high rate-number [ low
rate-number ]
Optional.
By default, the action threshold is
1000 packets per second and the
silence threshold is 750 packets per
second.
6. Configure the action and
silence thresholds for ICMP
flood attack protection of a
specific IP address.
defense icmp-flood ip ip-address
rate-threshold high rate-number
[ low rate-number ]
Optional.
Not specifically configured for an IP
address by default.
7. Configure the device to drop
ICMP flood attack packets.
defense icmp-flood action
drop-packet
Optional.
By default, the device only outputs
alarm logs if detecting an attack.
To configure a UDP flood attack protection policy:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter VD system view.
switchto vd vd-name Required for a non-default VD.
3. Enter attack protection
policy view.
attack-defense policy
policy-number
N/A
4. Enable UDP flood attack
protection.
defense udp-flood enable Disabled by default.
5. Configure the global action
and silence thresholds for
UDP flood attack protection.
defense udp-flood rate-threshold
high rate-number [ low
rate-number ]
Optional.
By default, the action threshold is
1000 packets per second and the
silence threshold is 750 packets per
second.
6. Configure the action and
silence thresholds for UDP
flood attack protection for a
specific IP address.
defense udp-flood ip ip-address
rate-threshold high rate-number
[ low rate-number ]
Optional.
Not configured by default.
7. Configure the device to drop
UDP flood attack packets.
defense udp-flood action
drop-packet
Optional.
By default, the device only outputs
alarm logs if detecting an attack.
To configure a DNS flood attack protection policy:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter VD system view.
switchto vd vd-name Required for a non-default VD.
3. Enter attack protection
policy view.
attack-defense policy
policy-number
N/A
4. Enable DNS flood attack
protection.
defense dns-flood enable Disabled by default.