beautypg.com

H3C Technologies H3C SecBlade LB Cards User Manual

Page 259

background image

248

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter VD system view.

switchto vd vd-name

Required for a non-default VD.

3.

Enter attack protection

policy view.

attack-defense policy
policy-number

N/A

4.

Enable ICMP flood attack
protection.

defense icmp-flood enable

Disabled by default.

5.

Configure the global action
and silence thresholds for

ICMP flood attack

protection.

defense icmp-flood rate-threshold
high rate-number [ low

rate-number ]

Optional.
By default, the action threshold is

1000 packets per second and the
silence threshold is 750 packets per

second.

6.

Configure the action and
silence thresholds for ICMP

flood attack protection of a

specific IP address.

defense icmp-flood ip ip-address
rate-threshold high rate-number

[ low rate-number ]

Optional.
Not specifically configured for an IP
address by default.

7.

Configure the device to drop
ICMP flood attack packets.

defense icmp-flood action
drop-packet

Optional.
By default, the device only outputs

alarm logs if detecting an attack.

To configure a UDP flood attack protection policy:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter VD system view.

switchto vd vd-name

Required for a non-default VD.

3.

Enter attack protection
policy view.

attack-defense policy

policy-number

N/A

4.

Enable UDP flood attack
protection.

defense udp-flood enable

Disabled by default.

5.

Configure the global action
and silence thresholds for

UDP flood attack protection.

defense udp-flood rate-threshold
high rate-number [ low

rate-number ]

Optional.
By default, the action threshold is
1000 packets per second and the

silence threshold is 750 packets per
second.

6.

Configure the action and

silence thresholds for UDP
flood attack protection for a

specific IP address.

defense udp-flood ip ip-address
rate-threshold high rate-number

[ low rate-number ]

Optional.
Not configured by default.

7.

Configure the device to drop

UDP flood attack packets.

defense udp-flood action
drop-packet

Optional.
By default, the device only outputs
alarm logs if detecting an attack.

To configure a DNS flood attack protection policy:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: