616
Usage guidelines
This command enables global DNS flood attack detection. It applies to all IP addresses except for those
specified by the dns-flood detect command. The system uses the global trigger threshold set by the
dns-flood threshold command and global actions specified by the dns-flood action command.
Examples
# Enable DNS flood attack detection for non-specific IP addresses in attack defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] dns-flood detect non-specific
Related commands
• dns-flood action
• dns-flood detect
• dns-flood threshold
dns-flood port
Use dns-flood port to specify the global ports to be protected against DNS flood attacks.
Use undo dns-flood port to restore the default.
Syntax
dns-flood port port-list
undo dns-flood port
Default
The DNS flood attack prevention protects port 53.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
port-list: Specifies a global list of ports to be protected. Specify this argument in the format of
{ start-port-number [ to end-port-number ] } &<1-65535>. &<1-65535> indicates that you can specify up
to 65535 ports or port lists. The end-port-number cannot be smaller than the start-port-number.
Usage guidelines
The device detects only DNS packets destined for the specified ports.
The global ports apply to DNS flood attack detection for non-specific IP addresses and IP-specific DNS
flood attack detection with no port specified.
Examples
# Specify port 53 and 61000 as the global ports to be protected against DNS flood attacks in attack
defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] dns-flood port 53 61000
To Next Page
Loading...
Need help?
General
