613
<Sysname> display client-verify tcp trusted ipv6 count
Slot 0:
Totally 3 trusted IPv6 addresses.
Slot 1:
Totally 3 trusted IPv6 addresses.
Table 98 Command output
Field Descri
tion
Totally 3 protected IPv6
addresses
Number of trusted IPv6 addresses.
IPv6 address Trusted IPv6 address.
VPN instance
MPLS L3VPN instance to which the trusted IPv6 address belongs. If the
trusted IPv6 address is on the public network, this field displays hyphens (--).
TTL(sec)
Remaining aging time of the trusted IPv6 address, in seconds. If no aging
time is set, this field displays Never.
dns-flood action
Use dns-flood action to specify global actions against DNS flood attacks.
Use undo dns-flood action to restore the default.
Syntax
dns-flood action { client-verify | drop | logging } *
undo dns-flood action
Default
No action is taken against detected DNS flood attacks.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
client-verify: Adds the victim IP addresses to the protected IP list for DNS client verification. If DNS client
verification is enabled, the device provides proxy services for protected servers.
drop: Drops subsequent DNS packets destined for the victim IP addresses.
logging: Enables logging for DNS flood attack events. The log information records the detection
interface, victim IP address, MPLS L3VPN instance name, current packet statistics, prevention actions,
and start time of the attack.
Usage guidelines
To configure the DNS flood attack detection to collaborate with the DNS client verification, make sure the
client-verify keyword is specified and the DNS client verification is enabled. To enable DNS client
verification, use the client-verify dns enable command.
To Next Page
Loading...
Need help?
General
