beautypg.com

Configuring syn flood detection – H3C Technologies H3C SecBlade LB Cards User Manual

Page 235

background image

224

Table 27 Configuration items

Item Description

Protected Host
Configuration

IP Address

Specify the IP address of the protected host.

Action
Threshold

Set the protection action threshold for
UDP flood attacks that target the

protected host.
If the sending rate of UDP packets
destined for the specified IP address

constantly reaches or exceeds this

threshold, the device enters the attack
protection state and takes attack

protection actions as configured.

By default, the action
threshold is 1000 packets

per second and the silent

threshold is 750 packets
per second.

Silent
Threshold

Set the silent threshold for actions that
protect against UDP flood attacks

targeting the protected host.
If the sending rate of UDP packets
destined for the specified IP address

drops below this threshold, the device

returns to the attack detection state and
stops the protection actions.

Global
Configuration of

Security Zone

Action
Threshold

Set the protection action threshold for
UDP flood attacks that target a host in the
protected security zone.
If the sending rate of UDP packets
destined for a host in the security zone

constantly reaches or exceeds this
threshold, the device enters the attack

protection state and takes attack

protection actions as configured.

By default, the action
threshold is 1000 packets

per second and the silent

threshold is 750 packets
per second.

Silent
Threshold

Set the silent threshold for actions that
protect against UDP flood attacks
targeting a host in the protected security

zone.
If the sending rate of UDP packets

destined for a host in the security zone
drops below this threshold, the device

returns to the attack detection state and

stops the protection actions.

NOTE:

Host-specific settings take precedence over the global settings for security zones.

Configuring SYN flood detection

SYN flood detection is mainly intended to protect servers and is usually configured for an internal zone.

1.

From the navigation tree, select Security > Intrusion Detection > SYN Flood.
The SYN flood detection configuration page appears.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: