648
signature level detect
Use signature level detect to enable signature detection for single-packet attacks of a specific level.
Use undo signature level detect to disable signature detection for single-packet attacks of a specific level.
Syntax
signature level { high | info | low | medium } detect
undo signature level { high | info | low | medium } detect
Default
Signature detection is disabled for all levels of single-packet attacks.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
high: Specifies the high level. None of the currently supported single-packet attacks belongs to this level.
info: Specifies the informational level. For example, large ICMP packet attack is of this level.
low: Specifies the low level. For example, the traceroute attack is of this level.
medium: Specifies the medium level. For example, the WinNuke attack is of this level.
Usage guidelines
According to their severity, single-packet attacks fall into four levels: info, low, medium, and high.
If you enable the level-specific signature detection for single-packet attacks, the signature detection is
enabled for all single-packet attacks of the level. If you enable the signature detection for a single-packet
attack by using the signature detect command, action parameters in the signature detect command take
effect.
Use the signature level action command to specify the actions against single-packet attacks of a specific
level. To display the level to which a single-packet attack belongs, use the display attack-defense policy
command.
Examples
# Enable signature detection for informational level single-packet attacks in attack defense policy
atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] signature level info detect
Related commands
• display attack-defense policy
• signature detect
• signature level action
To Next Page
Loading...
Need help?
General
