630
Usage guidelines
The global threshold applies to ICMP flood attack detection for non-specific IP addresses.
Adjust the threshold according to the application scenarios. If the number of ICMP packets to a protected
server, such as an HTTP or FTP server, is normally large, set a large threshold. A small threshold might
affect the server services. For a network that is unstable or susceptible to attacks, set a small threshold.
Examples
# Set the global threshold to 100 for triggering ICMP flood attack prevention in attack defense policy
atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] icmp-flood threshold 100
Related commands
• icmp-flood action
• icmp-flood detect ip
• icmp-flood detect non-specific
icmpv6-flood action
Use icmpv6-flood action to specify global actions against ICMPv6 flood attacks.
Use undo icmpv6-flood action to restore the default.
Syntax
icmpv6-flood action { drop | logging } *
undo icmpv6-flood action
Default
No action is taken against detected ICMPv6 flood attacks.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
drop: Drops subsequent ICMPv6 packets destined for the victim IP addresses.
logging: Enables logging for ICMPv6 flood attack events. The log information records the detection
interface, victim IP address, MPLS L3VPN instance name, current packet statistics, prevention actions,
and start time of the attack.
Examples
# Specify drop as the global action against ICMPv6 flood attacks in attack defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] icmpv6-flood action drop
To Next Page
Loading...
