display attack-defense flood statistics ip

Use display attack-defense flood statistics ip to display IPv4 flood attack detection and prevention statistics.

Syntax

In standalone mode:

display attack-defense { ack-flood | dns-flood | fin-flood | flood | http-flood | icmp-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } statistics ip [ ip-address [ vpn vpn-instance-name ] ] [ [ local ] [ slot slot-number ] ] [ count ]

In IRF mode:

display attack-defense { ack-flood | dns-flood | fin-flood | flood | http-flood | icmp-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } statistics ip [ ip-address [ vpn vpn-instance-name ] ] [ [ local ] [ chassis chassis-number slot slot-number ] ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

ack-flood: Specifies ACK flood attack.

dns-flood: Specifies DNS flood attack.

fin-flood: Specifies FIN flood attack.

flood: Specifies all IPv4 flood attacks.

http-flood: Specifies HTTP flood attack.

icmp-flood: Specifies ICMP flood attack.

rst-flood: Specifies RST flood attack.

syn-ack-flood: Specifies SYN-ACK flood attack.

syn-flood: Specifies SYN flood attack.

udp-flood: Specifies UDP flood attack.

ip-address: Specifies a protected IPv4 address. If you do not specify an IPv4 address, this command displays flood attack detection and prevention statistics for all protected IPv4 addresses.

vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the protected IPv4 address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Do not specify this option if the protected IPv4 address is on the public network.

local: Specifies the device.

slot slot-number: Specifies a card by its slot number. This option is available only when you specify the device. If you do not specify a card, this command displays IPv4 flood attack detection and prevention statistics for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. This option is available only when you specify the device. If you do not specify a card, this command displays IPv4 flood attack detection and prevention statistics for all cards. (In IRF mode.)

count: Displays the number of matching protected IPv4 addresses.

Usage guidelines

The device collects statistics about protected IP addresses for flood attack detection and prevention. The attackers' IP addresses are not recorded.

Examples

# (In standalone mode.) Display all IPv4 flood attack detection and prevention statistics.

<Sysname> display attack-defense flood statistics ip
slot 1:
IP address      VPN         Detected on  Detect type   State    PPS    Dropped
201.55.7.44     --          Local        DNS-FLOOD     Normal   1000   111111111
192.168.11.4    --          Local        ACK-FLOOD     Normal   1000   22222222
slot 2:
IP address      VPN         Detected on  Detect type   State    PPS    Dropped
192.168.100.66  --          Local        SYN-ACK-FLOOD Normal   1000   165467998

# (In standalone mode.) Display the number of IPv4 addresses that are protected against flood attacks.

<Sysname> display attack-defense flood statistics ip count
Slot 1:
Totally 2 flood entries.
Slot 2:
Totally 1 flood entries.

Table 69: Command output

Field: Description

IP address: Protected IPv4 address.

VPN: MPLS L3VPN instance to which the protected IPv4 address belongs. If the protected IPv4 address is on the public network, this field displays hyphens (--).

Detected on: Where the attack is detected: the device (Local).

Detect type: Type of the detected flood attack.

State: Whether the device is attacked:

  • Attacked.

  • Normal.

PPS: Number of packets sent to the IPv4 address per second.

Dropped: Number of attack packets dropped by the device.

Totally 2 flood entries: Total number of IPv4 addresses that are protected.
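For monitoring, the per-slot output shown above can be parsed into records so that protected addresses in the Attacked state are flagged and drop counters are totalled per slot. The following Python sketch is an added example, not part of the device documentation. The function names are hypothetical, the 10.0.0.5 row is a constructed sample, and the parser assumes VPN instance names contain no spaces.

```python
import ipaddress
import re
from collections import namedtuple

FloodEntry = namedtuple(
    "FloodEntry", "slot ip vpn detected_on detect_type state pps dropped")

# Slot 1 and the first slot 2 row are the page's example output; the
# 10.0.0.5 row is constructed to show an entry in the Attacked state.
SAMPLE = """\
slot 1:
IP address      VPN         Detected on  Detect type   State    PPS    Dropped
201.55.7.44     --          Local        DNS-FLOOD     Normal   1000   111111111
192.168.11.4    --          Local        ACK-FLOOD     Normal   1000   22222222
slot 2:
IP address      VPN         Detected on  Detect type   State    PPS    Dropped
192.168.100.66  --          Local        SYN-ACK-FLOOD Normal   1000   165467998
10.0.0.5        --          Local        SYN-FLOOD     Attacked 52000  987654
"""

SLOT_RE = re.compile(r"^slot\s+(\d+):$", re.IGNORECASE)

def parse_flood_stats(text):
    """Return one FloodEntry per protected-address row in the CLI output."""
    entries, slot = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SLOT_RE.match(line)
        if m:
            slot = int(m.group(1))
            continue
        cols = line.split()
        if len(cols) != 7:
            continue  # blank line, column header, or echoed command
        ip, vpn, where, dtype, state, pps, dropped = cols
        try:
            ipaddress.IPv4Address(ip)  # rejects rows not keyed by an IPv4 address
            pps, dropped = int(pps), int(dropped)
        except ValueError:
            continue
        vpn = None if vpn == "--" else vpn  # "--" means public network
        entries.append(FloodEntry(slot, ip, vpn, where, dtype, state, pps, dropped))
    return entries

def attacked(entries):
    """Entries whose State column reads Attacked."""
    return [e for e in entries if e.state.lower() == "attacked"]

def dropped_by_slot(entries):
    """Sum of the Dropped column for each slot."""
    totals = {}
    for e in entries:
        totals[e.slot] = totals.get(e.slot, 0) + e.dropped
    return totals
```

Because the device records only protected addresses, an alert built on this output identifies the target and flood type, not the source of the traffic.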