defense icmp-flood rate-threshold
Use defense icmp-flood rate-threshold to configure the global action and silence thresholds for ICMP flood attack protection. The device uses the global attack protection thresholds to protect IP addresses for which you do not configure attack protection parameters specifically.
Use undo defense icmp-flood rate-threshold to restore the default.
Syntax
defense icmp-flood rate-threshold high rate-number [ low rate-number ]
undo defense icmp-flood rate-threshold
Default
The global action threshold is 1000 packets per second and the global silence threshold is 750 packets per second.
Views
Attack protection policy view
Default command level
2: System level
Parameters
high rate-number: Sets the global action threshold for ICMP flood attack protection. The rate-number argument indicates the number of ICMP packets sent to an IP address per second and is in the range of 1 to 64000. With ICMP flood attack protection enabled, the device enters attack detection state. When the device detects that the sending rate of ICMP packets destined for an IP address constantly reaches or exceeds the specified action threshold, the device considers the IP address to be under attack, enters attack protection state, and takes protection actions as configured.
low rate-number: Sets the global silence threshold for ICMP flood attack protection. The rate-number argument indicates the number of ICMP packets sent to an IP address per second and is in the range of 1 to 64000. When the device is in attack protection state, if it detects that the sending rate of ICMP packets destined for an IP address drops below the silence threshold, it considers that the attack on the IP address is over, returns to attack detection state, and stops the protection actions.
Usage guidelines
Adjust the thresholds according to the actual network conditions. ICMP traffic volume is usually lower than TCP and UDP traffic volume, so you can set a smaller action threshold for ICMP flood protection. If the link bandwidth of the protected network is small, set a smaller silence threshold to help release the traffic pressure.
Examples
# Set the global action threshold to 3000 packets per second and the global silence threshold to 1000 packets per second for ICMP flood attack protection.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] defense icmp-flood rate-threshold high 3000 low 1000
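The state changes described under Parameters, replayed with the thresholds from the example above (high 3000, low 1000). This is an added Python model, not device code or part of the manual; the class and function names and the sample rates are constructed for illustration, and the sustain parameter is an assumption standing in for "constantly", for which the manual gives no duration.

```python
"""Model of the action/silence threshold hysteresis (added example, not device code)."""

DETECTION, PROTECTION = "detection", "protection"
RATE_MIN, RATE_MAX = 1, 64000  # rate-number range stated in the manual


class IcmpFloodMonitor:
    def __init__(self, high=1000, low=750, sustain=1):
        # sustain: ASSUMPTION. The manual says the rate must "constantly" reach
        # the action threshold but gives no duration; modelled here as N
        # consecutive one-second samples.
        for name, value in (("high", high), ("low", low)):
            if not RATE_MIN <= value <= RATE_MAX:
                raise ValueError(f"{name} must be in {RATE_MIN}..{RATE_MAX}")
        self.high, self.low, self.sustain = high, low, sustain
        self.state = {}   # destination IP -> DETECTION or PROTECTION
        self.streak = {}  # destination IP -> consecutive samples >= high

    def observe(self, dst_ip, pps):
        """Feed one per-second ICMP packet rate for dst_ip; return the new state."""
        state = self.state.get(dst_ip, DETECTION)
        if state == DETECTION:
            streak = self.streak.get(dst_ip, 0) + 1 if pps >= self.high else 0
            self.streak[dst_ip] = streak
            if streak >= self.sustain:
                state = PROTECTION  # protection actions would start here
        elif pps < self.low:
            state = DETECTION       # attack considered over, actions stop
            self.streak[dst_ip] = 0
        self.state[dst_ip] = state
        return state


def replay(samples, **thresholds):
    """Run constructed (dst_ip, pps) samples and return the state after each."""
    monitor = IcmpFloodMonitor(**thresholds)
    return [monitor.observe(ip, pps) for ip, pps in samples]


# Constructed sample: rates toward one documentation address (192.0.2.10).
SAMPLE = [("192.0.2.10", r) for r in (800, 3200, 3500, 2000, 1000, 999, 2900, 3000)]

if __name__ == "__main__":
    for (ip, pps), st in zip(SAMPLE, replay(SAMPLE, high=3000, low=1000, sustain=2)):
        print(f"{ip} {pps:>5} pps -> {st}")
```

A rate of exactly 1000 keeps the address in protection state because the silence condition is "drops below", and the gap between the two thresholds is what stops the state from flapping when the rate hovers near a single value.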
Related commands
• defense icmp-flood action drop-packet
• defense icmp-flood enable
• display attack-defense policy