of SYN packets destined for the specified IP address drops below the silence threshold, it considers
that the attack is over, returns to attack detection state, and stops taking the protection measures.
Usage guidelines
You can specify a maximum of 32 protected IP addresses in each attack protection policy.
Examples
# Configure SYN flood attack protection for IP address 192.168.1.2, and set the action threshold to
2000 packets per second and the silence threshold to 1000 packets per second.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] defense syn-flood ip 192.168.1.2 rate-threshold high 2000 low 1000
Related commands
• defense syn-flood action
• defense syn-flood enable
• display attack-defense policy
defense syn-flood rate-threshold
Use defense syn-flood rate-threshold to configure the global action and silence thresholds for SYN flood attack protection. The device uses the global attack protection thresholds to protect the IP addresses for which you do not configure attack protection parameters specifically.
Use undo defense syn-flood rate-threshold to restore the default.
Syntax
defense syn-flood rate-threshold high rate-number [ low rate-number ]
undo defense syn-flood rate-threshold
Default
The global action threshold is 1000 packets per second and the global silence threshold is 750
packets per second.
Views
Attack protection policy view
Default command level
2: System level
Parameters
high rate-number: Sets the global action threshold for SYN flood attack protection. The rate-number argument indicates the number of SYN packets sent to an IP address per second and is in the range of 1 to 64000. With SYN flood attack protection enabled, the device enters attack detection state. When the device detects that the sending rate of SYN packets destined for an IP address constantly reaches or exceeds the specified action threshold, the device considers the IP address to be under attack, enters attack protection state, and takes protection actions as configured.
low rate-number: Sets the global silence threshold for SYN flood attack protection. The rate-number argument indicates the number of SYN packets sent to an IP address per second and is in the range of 1 to 64000. When the device is in attack protection state, if it detects that the sending rate of SYN packets destined for an IP address drops below the silence threshold, it considers that the attack on the IP address is over, returns to attack detection state, and stops the protection actions.
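The two-threshold behaviour described for both the per-IP command (defense syn-flood ip ... rate-threshold) and the global command above is a hysteresis state machine: the action threshold (high) moves an address into attack protection state, and the lower silence threshold (low) moves it back. The following Python model is an added example, not device firmware or vendor code; it reproduces that logic with the documented defaults (global high 1000 / low 750), the per-IP settings from the example (192.168.1.2: high 2000 / low 1000), the 1 to 64000 range check and the 32-address-per-policy limit. The per-second SYN rates it is fed are constructed sample data, and it treats a single one-second sample at or above the action threshold as "constantly reaching" it, which is a simplifying assumption the manual does not specify.

```python
"""Model of the SYN flood action/silence threshold state machine.

Added example, not vendor code. Threshold values follow the command
reference; the SYN rate samples below are constructed.
"""

from dataclasses import dataclass, field

DETECTION = "attack detection"
PROTECTION = "attack protection"


@dataclass(frozen=True)
class Thresholds:
    high: int  # action threshold, SYN packets per second (rate-threshold high)
    low: int   # silence threshold, SYN packets per second (rate-threshold low)

    def __post_init__(self):
        # rate-number is documented as being in the range of 1 to 64000
        for value in (self.high, self.low):
            if not 1 <= value <= 64000:
                raise ValueError("rate-number must be in the range of 1 to 64000")


@dataclass
class SynFloodPolicy:
    """One attack protection policy: global thresholds plus per-IP overrides."""
    global_thresholds: Thresholds = field(
        default_factory=lambda: Thresholds(high=1000, low=750))  # documented defaults
    per_ip: dict = field(default_factory=dict)   # ip -> Thresholds
    state: dict = field(default_factory=dict)    # ip -> DETECTION / PROTECTION

    def protect_ip(self, ip, high, low):
        """Equivalent of: defense syn-flood ip <ip> rate-threshold high <n> low <n>."""
        if ip not in self.per_ip and len(self.per_ip) >= 32:
            raise ValueError("a policy supports a maximum of 32 protected IP addresses")
        self.per_ip[ip] = Thresholds(high, low)

    def thresholds_for(self, ip):
        # Addresses without specific parameters fall back to the global thresholds.
        return self.per_ip.get(ip, self.global_thresholds)

    def observe(self, ip, syn_rate):
        """Feed one second's SYN rate towards ip. Returns (state, transition or None)."""
        t = self.thresholds_for(ip)
        state = self.state.get(ip, DETECTION)
        transition = None
        if state == DETECTION and syn_rate >= t.high:
            # Assumption: one sample at/above the action threshold is enough.
            state, transition = PROTECTION, "attack detected"
        elif state == PROTECTION and syn_rate < t.low:
            # Rate must drop strictly below the silence threshold to clear.
            state, transition = DETECTION, "attack over"
        self.state[ip] = state
        return state, transition


def run(policy, samples):
    """samples: list of (ip, syn_rate) per second. Returns (index, ip, event) transitions."""
    events = []
    for index, (ip, rate) in enumerate(samples):
        _, transition = policy.observe(ip, rate)
        if transition:
            events.append((index, ip, transition))
    return events


def demo():
    policy = SynFloodPolicy()
    policy.protect_ip("192.168.1.2", high=2000, low=1000)  # from the manual's example
    samples = [                       # constructed per-second SYN rates
        ("192.168.1.2", 1500),        # above global high, below per-IP high: no action
        ("192.168.1.2", 2500),        # reaches per-IP action threshold
        ("192.168.1.2", 1200),        # still above per-IP silence threshold
        ("192.168.1.2", 900),         # drops below 1000: attack over
        ("10.0.0.5", 1500),           # no per-IP settings: global high 1000 applies
        ("10.0.0.5", 800),            # not yet below global low 750
        ("10.0.0.5", 700),            # below 750: attack over
    ]
    return run(policy, samples)


if __name__ == "__main__":
    for event in demo():
        print(event)
```

The first sample shows why per-IP thresholds matter: 1500 SYN/s would trigger the global action threshold of 1000 but is below the 2000 configured for 192.168.1.2, so that address stays in attack detection state. The gap between high and low prevents an address from flapping between states when the rate hovers around a single threshold.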