560
mdc-admin
Parameters
port-list
: Specifies a space-separated list of up to 65535 port number items. Each item specifies a
port by its port number or a range of ports in the form of
start-port-number
to
end-port-number
. The
end-port-number
cannot be smaller than the
start-port-number
.
Usage guidelines
The device detects only DNS packets destined for the specified ports.
The global ports apply to global DNS flood attack detection and IP address-specific DNS flood attack
detection with no port specified.
Examples
# Specify the ports 53 and 61000 as the global ports to be protected against DNS flood attacks in
attack defense policy
atk-policy-1
.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] dns-flood port 53 61000
Related commands
dns-flood action
dns-flood detect
dns-flood detect non-specific
dns-flood threshold
Use
dns-flood threshold
to set the global threshold for triggering DNS flood attack prevention.
Use
undo dns-flood threshold
to restore the default.
Syntax
dns-flood threshold threshold-value
undo dns-flood threshold
Default
The global threshold is 1000 for triggering DNS flood attack prevention.
Views
Attack defense policy view
Predefined user roles
network-admin
mdc-admin
Parameters
threshold-value
: Specifies the threshold value. The value range is 1 to 1000000 in units of DNS
packets sent to an IP address per second.
Usage guidelines
With global DNS flood attack detection configured, the device is in attack detection state. When the
sending rate of DNS packets to an IP address reaches the threshold, the device enters prevention
state and takes the specified actions. When the rate is below the silence threshold (three-fourths of
the threshold), the device returns to the attack detection state.