Displaying and maintaining attack detection and prevention

Display attack detection and prevention statistics on an interface (centralized devices in standalone mode).

display attack-defense statistics interface interface-type interface-number

Display attack detection and prevention statistics on an interface (distributed devices in standalone mode/centralized devices in IRF mode).

display attack-defense statistics interface interface-type interface-number [ slot slot-number ]

Display attack detection and prevention statistics on an interface (distributed devices in IRF mode).

display attack-defense statistics interface interface-type interface-number [ chassis chassis-number slot slot-number ]

Display attack detection and prevention statistics for the device (centralized devices in standalone mode).

display attack-defense statistics local

Display attack detection and prevention statistics for the device (distributed devices in standalone mode/centralized devices in IRF mode).

display attack-defense statistics local [ slot slot-number ]

Display attack detection and prevention statistics for the device (distributed devices in IRF mode).

display attack-defense statistics local [ chassis chassis-number slot slot-number ]

Display attack defense policy configuration.

display attack-defense policy [ policy-name ]

Display information about IPv4 scanning attackers (centralized devices in standalone mode).

display attack-defense scan attacker ip [ interface interface-type interface-number | local ] [ count ]

Display information about IPv4 scanning attackers (distributed devices in standalone mode/centralized devices in IRF mode).

display attack-defense scan attacker ip [ [ interface interface-type interface-number | local ] [ slot slot-number ] ] [ count ]

Display information about IPv4 scanning attackers (distributed devices in IRF mode).

display attack-defense scan attacker ip [ [ interface interface-type interface-number | local ] [ chassis chassis-number slot slot-number ] ] [ count ]

Display information about IPv6 scanning attackers (centralized devices in standalone mode).

display attack-defense scan attacker ipv6 [ interface interface-type interface-number | local ] [ count ]

Display information about IPv6 scanning attackers (distributed devices in standalone mode/centralized devices in IRF mode).

display attack-defense scan attacker ipv6 [ [ interface interface-type interface-number | local ] [ slot slot-number ] ] [ count ]

Display information about IPv6 scanning attackers (distributed devices in IRF mode).

display attack-defense scan attacker ipv6 [ [ interface interface-type interface-number | local ] [ chassis chassis-number slot slot-number ] ] [ count ]

Display information about IPv4 scanning attack victims (centralized devices in standalone mode).

display attack-defense scan victim ip [ interface interface-type interface-number | local ] [ count ]

Display information about IPv4 scanning attack victims (distributed devices in standalone mode/centralized devices in IRF mode).

display attack-defense scan victim ip [ [ interface interface-type interface-number | local ] [ slot slot-number ] ] [ count ]

Display information about IPv4 scanning attack victims (distributed devices in IRF mode).

display attack-defense scan victim ip [ [ interface interface-type interface-number | local ] [ chassis chassis-number slot slot-number ] ] [ count ]

Display information about IPv6 scanning attack victims (centralized devices in standalone mode).

display attack-defense scan victim ipv6 [ interface interface-type interface-number | local ] [ count ]

Display information about IPv6 scanning attack victims (distributed devices in standalone mode/centralized devices in IRF mode).

display attack-defense scan victim ipv6 [ [ interface interface-type interface-number | local ] [ slot slot-number ] ] [ count ]

Display information about IPv6 scanning attack victims (distributed devices in IRF mode).

display attack-defense scan victim ipv6 [ [ interface interface-type interface-number | local ] [ chassis chassis-number slot slot-number ] ] [ count ]

Display flood attack detection and prevention statistics for an IPv4 address (centralized devices in standalone mode).

display attack-defense { ack-flood | dns-flood | fin-flood | flood | http-flood | icmp-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } statistics ip [ ip-address [ vpn vpn-instance-name ] ] [ interface interface-type interface-number | local ] [ count ]

Display flood attack detection and prevention statistics for an IPv4 address (distributed devices in standalone mode/centralized devices in IRF mode).

display attack-defense { ack-flood | dns-flood | fin-flood | flood | http-flood | icmp-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } statistics ip [ ip-address [ vpn vpn-instance-name ] ] [ count ] [ [ interface interface-type interface-number | local ] [ slot slot-number ] ] [ count ]

Display flood attack detection and prevention statistics for an IPv4 address (distributed devices in IRF mode).

display attack-defense { ack-flood | dns-flood | fin-flood | flood | http-flood | icmp-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } statistics ip [ ip-address [ vpn vpn-instance-name ] ] [ [ interface interface-type interface-number | local ] [ chassis chassis-number slot slot-number ] ] [ count ]

Display flood attack detection and prevention statistics for an IPv6 address (centralized devices in standalone mode).

display attack-defense { ack-flood | dns-flood | fin-flood | flood | http-flood | icmpv6-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } statistics ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ interface interface-type interface-number | local ] [ count ]

Display flood attack detection and prevention statistics for an IPv6 address (distributed devices in standalone mode/centralized devices in IRF mode).

display attack-defense { ack-flood | dns-flood | fin-flood | flood | http-flood | icmpv6-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } statistics ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ [ interface interface-type interface-number | local ] [ slot slot-number ] ] [ count ]

Display flood attack detection and prevention statistics for an IPv6 address (distributed devices in IRF mode).

display attack-defense { ack-flood | dns-flood | fin-flood | flood | http-flood | icmpv6-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } statistics ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ [ interface interface-type interface-number | local ] [ chassis chassis-number slot slot-number ] ] [ count ]

Display information about IPv4 addresses protected by flood attack detection and prevention (centralized devices in standalone mode).

display attack-defense policy policy-name { ack-flood | dns-flood | fin-flood | flood | http-flood | icmp-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } ip [ ip-address [ vpn vpn-instance-name ] ] [ count ]

Display information about IPv4 addresses protected by flood attack detection and prevention (distributed devices in standalone mode/centralized devices in IRF mode).

display attack-defense policy policy-name { ack-flood | dns-flood | fin-flood | flood | http-flood | icmp-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } ip [ ip-address [ vpn vpn-instance-name ] ] [ slot slot-number ] [ count ]

Display information about IPv4 addresses protected by flood attack detection and prevention (distributed devices in IRF mode).

display attack-defense policy policy-name { ack-flood | dns-flood | fin-flood | flood | http-flood | icmp-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } ip [ ip-address [ vpn vpn-instance-name ] ] [ chassis chassis-number slot slot-number ] [ count ]

Display information about IPv6 addresses protected by flood attack detection and prevention (centralized devices in standalone mode).

display attack-defense policy policy-name { ack-flood | dns-flood | fin-flood | flood | http-flood | icmpv6-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ count ]

Display information about IPv6 addresses protected by flood attack detection and prevention (distributed devices in standalone mode/centralized devices in IRF mode).

display attack-defense policy policy-name { ack-flood | dns-flood | fin-flood | flood | http-flood | icmpv6-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ slot slot-number ] [ count ]

Display information about IPv6 addresses protected by flood attack detection and prevention (distributed devices in IRF mode).

display attack-defense policy policy-name { ack-flood | dns-flood | fin-flood | flood | http-flood | icmpv6-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ chassis chassis-number slot slot-number ] [ count ]

Display IPv4 blacklist entries (centralized devices in standalone mode).

display blacklist ip [ source-ip-address [ vpn-instance vpn-instance-name ] [ ds-lite-peer ds-lite-peer-address ] ] [ count ]

Display IPv4 blacklist entries (distributed devices in standalone mode/centralized devices in IRF mode).

display blacklist ip [ source-ip-address [ vpn-instance vpn-instance-name ] [ ds-lite-peer ds-lite-peer-address ] ] [ slot slot-number ] [ count ]

Display IPv4 blacklist entries (distributed devices in IRF mode).

display blacklist ip [ source-ip-address [ vpn-instance vpn-instance-name ] [ ds-lite-peer ds-lite-peer-address ] ] [ chassis chassis-number slot slot-number ] [ count ]

Display IPv6 blacklist entries (centralized devices in standalone mode).

display blacklist ipv6 [ source-ipv6-address [ vpn-instance vpn-instance-name ] ] [ count ]

Display IPv6 blacklist entries (distributed devices in standalone mode/centralized devices in IRF mode).

display blacklist ipv6 [ source-ipv6-address [ vpn-instance vpn-instance-name ] ] [ slot slot-number ] [ count ]

Display IPv6 blacklist entries (distributed devices in IRF mode).

display blacklist ipv6 [ source-ipv6-address [ vpn-instance vpn-instance-name ] ] [ chassis chassis-number slot slot-number ] [ count ]

Display protected IPv4 list entries for client verification (centralized devices in standalone mode).

display client-verify { dns | http | tcp } protected ip [ ip-address [ vpn vpn-instance-name ] ] [ port port-number ] [ count ]

Display protected IPv4 addresses for client verification (distributed devices in standalone mode/centralized devices in IRF mode).

display client-verify { dns | http | tcp } protected ip [ ip-address [ vpn vpn-instance-name ] ] [ port port-number ] [ slot slot-number ] [ count ]

Display protected IPv4 addresses for client verification (distributed devices in IRF mode).

display client-verify { dns | http | tcp } protected ip [ ip-address [ vpn vpn-instance-name ] ] [ port port-number ] [ chassis chassis-number slot slot-number ] [ count ]

Display protected IPv6 addresses for client verification (centralized devices in standalone mode).

display client-verify { dns | http | tcp } protected ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ port port-number ] [ count ]

Display protected IPv6 addresses for client verification (distributed devices in standalone mode/centralized devices in IRF mode).

display client-verify { dns | http | tcp } protected ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ port port-number ] [ slot slot-number ] [ count ]

Display protected IPv6 addresses for client verification (distributed devices in IRF mode).

display client-verify { dns | http | tcp } protected ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ port port-number ] [ chassis chassis-number slot slot-number ] [ count ]

Display trusted IPv4 addresses for client verification (centralized devices in standalone mode).

display client-verify { dns | http | tcp } trusted ip [ ip-address [ vpn vpn-instance-name ] ] [ count ]

Display trusted IPv4 addresses for client verification (distributed devices in standalone mode/centralized devices in IRF mode).

display client-verify { dns | http | tcp } trusted ip [ ip-address [ vpn vpn-instance-name ] ] [ slot slot-number ] [ count ]

Display trusted IPv4 addresses for client verification (distributed devices in IRF mode).

display client-verify { dns | http | tcp } trusted ip [ ip-address [ vpn vpn-instance-name ] ] [ chassis chassis-number slot slot-number ] [ count ]

Display trusted IPv6 addresses for client verification (centralized devices in standalone mode).

display client-verify { dns | http | tcp } trusted ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ count ]

Display trusted IPv6 addresses for client verification (distributed devices in standalone mode/centralized devices in IRF mode).

display client-verify { dns | http | tcp } trusted ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ slot slot-number ] [ count ]

Display trusted IPv6 addresses for client verification (distributed devices in IRF mode).

display client-verify { dns | http | tcp } trusted ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ chassis chassis-number slot slot-number ] [ count ]

Clear attack detection and prevention statistics for an interface.

reset attack-defense statistics interface interface-type interface-number

Clear attack detection and prevention statistics for the device.

reset attack-defense statistics local

Clear flood attack detection and prevention statistics.

reset attack-defense policy policy-name flood protected { ip | ipv6 } statistics

Clear dynamic IPv4 blacklist entries.

reset blacklist ip { source-ip-address [ vpn-instance vpn-instance-name ] [ ds-lite-peer ds-lite-peer-address ] | all }

Clear dynamic IPv6 blacklist entries.

reset blacklist ipv6 { source-ipv6-address [ vpn-instance vpn-instance-name ] | all }

Clear blacklist statistics.

reset blacklist statistics

Clear protected IP statistics for client verification.

reset client-verify { dns | http | tcp } protected { ip | ipv6 } statistics

Clear the trusted IP list for client verification.

reset client-verify { dns | http | tcp } trusted { ip | ipv6 }