display attack-defense policy
Use display attack-defense policy to display attack defense policy configuration.
Syntax
display attack-defense policy [ policy-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
policy-name: Specifies an attack defense policy by its name. The policy name is a case-insensitive string of 1 to 31 characters. Valid characters include uppercase and lowercase letters, digits, underscores (_), and hyphens (-). If no attack defense policy is specified, this command displays brief information about all attack defense policies.
Usage guidelines
This command output includes the following configuration information about an attack defense policy:
Whether attack detection is enabled.
Attack prevention actions.
Attack prevention trigger thresholds.
Examples
# Display the configuration of attack defense policy abc.
```
<Sysname> display attack-defense policy abc
          Attack-defense Policy Information
--------------------------------------------------------------------------
Policy name                        : abc
Applied list                       : Local
--------------------------------------------------------------------------
Exempt IPv4 ACL:                   : Not configured
Exempt IPv6 ACL:                   : vip
--------------------------------------------------------------------------
  Actions: CV-Client verify  BS-Block source  L-Logging  D-Drop  N-None

Signature attack defense configuration:
Signature name                     Defense      Level             Actions
Fragment                           Enabled      Info              L
Impossible                         Enabled      Info              L
Teardrop                           Disabled     Info              L
Tiny fragment                      Disabled     Info              L
IP option abnormal                 Disabled     Info              L
Smurf                              Disabled     Info              N
Traceroute                         Disabled     Medium            L,D
Ping of death                      Disabled     Low               L
Large ICMP                         Disabled     Medium            L,D
  Max length                       4000 bytes
Large ICMPv6                       Disabled     Low               L
  Max length                       4000 bytes
TCP invalid flags                  Disabled     medium            L,D
TCP null flag                      Disabled     Low               L
TCP all flags                      Enabled      Info              L
TCP SYN-FIN flags                  Disabled     Info              L
TCP FIN only flag                  Enabled      Info              L
TCP Land                           Disabled     Info              L
Winnuke                            Disabled     Info              L
UDP Bomb                           Disabled     Info              L
UDP Snork                          Disabled     Info              L
UDP Fraggle                        Enabled      Info              L
IP option record route             Disabled     Info              L
IP option internet timestamp       Enabled      Info              L
IP option security                 Disabled     Info              L
IP option loose source routing     Enabled      Info              L
IP option stream ID                Disabled     Info              L
IP option strict source routing    Disabled     Info              L
IP option route alert              Disabled     Info              L
ICMP echo request                  Disabled     Info              L
ICMP echo reply                    Disabled     Info              L
ICMP source quench                 Disabled     Info              L
ICMP destination unreachable       Enabled      Info              L
ICMP redirect                      Enabled      Info              L
ICMP time exceeded                 Enabled      Info              L
ICMP parameter problem             Disabled     Info              L
ICMP timestamp request             Disabled     Info              L
ICMP timestamp reply               Disabled     Info              L
ICMP information request           Disabled     Info              L
ICMP information reply             Disabled     Medium            L,D
ICMP address mask request          Disabled     Medium            L,D
ICMP address mask reply            Disabled     Medium            L,D
ICMPv6 echo request                Enabled      Medium            L,D
ICMPv6 echo reply                  Disabled     Medium            L,D
ICMPv6 group membership query      Disabled     Medium            L,D
ICMPv6 group membership report     Disabled     Medium            L,D
ICMPv6 group membership reduction  Disabled     Medium            L,D
ICMPv6 destination unreachable     Enabled      Medium            L,D
ICMPv6 time exceeded               Enabled      Medium            L,D
ICMPv6 parameter problem           Disabled     Medium            L,D
ICMPv6 packet too big              Disabled     Medium            L,D

Scan attack defense configuration:
  Defense: Disabled
  Level:   Medium
  Actions: L

Flood attack defense configuration:
Flood type      Global thres(pps)  Global actions  Service ports   Non-specific
SYN flood       1000(default)      -               -               Disabled
ACK flood       1000(default)      -               -               Enabled
SYN-ACK flood   1000(default)      -               -               Disabled
RST flood       200                -               -               Enabled
FIN flood       1000(default)      L,D             -               Disabled
UDP flood       1000(default)      -               -               Disabled
ICMP flood      1000(default)      -               -               Disabled
ICMPv6 flood    1000(default)      CV              -               Disabled
DNS flood       10000              -               30,61 to 62     Enabled
HTTP flood      10000              -               80,8080         Enabled

Flood attack defense for protected IP addresses:
Address              VPN instance  Flood type     Thres(pps)  Actions  Ports
1::1                 --            FIN-FLOOD      10          L,D      -
192.168.1.1          --            SYN-ACK-FLOOD  10          -        -
1::1                 --            FIN-FLOOD      -           L        -
2013:2013:2013:2013: --            DNS-FLOOD      100         L,CV     53
2013:2013:2013:2013
```
Table 71: Command output
Field | Description |
---|---|
Policy name | Name of the attack defense policy. |
Applied list | Locations to which the attack defense policy is applied. Local indicates that the policy is applied to the device. |
Exempt IPv4 ACL | IPv4 ACL used for attack detection exemption. |
Exempt IPv6 ACL | IPv6 ACL used for attack detection exemption. |
Actions | Attack prevention actions: CV (client verify), BS (block source), L (logging), D (drop), N (none). |
Signature attack defense configuration | Configuration information about single-packet attack detection and prevention. |
Signature name | Type of the single-packet attack. |
Defense | Whether attack detection is enabled. |
Level | Level of the single-packet attack, info, low, medium, or high. Currently, no high-level single-packet attacks exist. |
Large ICMPv6 | Large ICMPv6 attack. |
ICMPv6 echo request | ICMPv6 echo request attack. |
ICMPv6 echo reply | ICMPv6 echo reply attack. |
ICMPv6 group membership query | ICMPv6 group membership query attack. |
ICMPv6 group membership report | ICMPv6 group membership report attack. |
ICMPv6 group membership reduction | ICMPv6 group membership reduction attack. |
ICMPv6 destination unreachable | ICMPv6 destination unreachable attack. |
ICMPv6 time exceeded | ICMPv6 time exceeded attack. |
ICMPv6 parameter problem | ICMPv6 parameter problem attack. |
ICMPv6 packet too big | ICMPv6 packet too big attack. |
Scan attack defense configuration | Configuration information about scanning attack detection and prevention. |
Level | Level of the scanning attack detection: low, medium, or high. |
Flood attack defense configuration | Configuration information about flood attack detection and prevention. |
Flood type | Type of the flood attack: |
Global thres (pps) | Global threshold for triggering the flood attack prevention, in units of packets sent to an IP address per second. The default is 1000 pps. |
Global actions | Global prevention actions against the flood attack: |
Service ports | Ports that are protected against the flood attack. This field displays port numbers only for the DNS and HTTP flood attacks. For other flood attacks, this field displays a hyphen (-). |
Non-specific | Whether the global flood attack detection is enabled. |
Flood attack defense for protected IP addresses | Configuration of the IP address-specific flood attack detection and prevention. |
Address | Protected IP address. |
VPN instance | MPLS L3VPN instance to which the protected IP address belongs. If no MPLS L3VPN instance is specified, this field displays a hyphen (-). |
Thres(pps) | Threshold for triggering the flood attack prevention, in units of packets sent to the IP address per second. If no threshold is specified, this field displays a hyphen (-). |
Ports | Ports that are protected against the flood attack. This field displays port numbers only for the DNS and HTTP flood attacks. For other flood attacks, this field displays a hyphen (-). |
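When reviewing a device's posture, the flood section of this output can be checked mechanically. The following Python is an added example, not part of the vendor documentation: it parses flood rows in the layout shown above and flags flood types whose global detection is disabled, or enabled with no prevention action. The function names are hypothetical, and it assumes that a hyphen in the Global actions column means no action is configured.

```python
import re

# Constructed sample: flood rows taken from the example output on this page.
SAMPLE = """\
Flood type      Global thres(pps)  Global actions  Service ports   Non-specific
SYN flood       1000(default)      -               -               Disabled
RST flood       200                -               -               Enabled
FIN flood       1000(default)      L,D             -               Disabled
ICMPv6 flood    1000(default)      CV              -               Disabled
DNS flood       10000              -               30,61 to 62     Enabled
HTTP flood      10000              -               80,8080         Enabled
"""

# The Service ports column may contain spaces ("30,61 to 62"), so match it lazily.
ROW = re.compile(
    r"^(?P<type>[\w-]+ flood)\s+(?P<thres>\d+)(?P<dflt>\(default\))?\s+"
    r"(?P<actions>\S+)\s+(?P<ports>.+?)\s+(?P<state>Enabled|Disabled)\s*$"
)

def parse_flood_rows(text):
    """Return one dict per flood row; the header and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        rows.append({
            "type": m["type"],
            "threshold": int(m["thres"]),
            "default_threshold": m["dflt"] is not None,
            # Assumption: "-" in Global actions means no action is configured.
            "actions": [] if m["actions"] == "-" else m["actions"].split(","),
            "ports": None if m["ports"] == "-" else m["ports"],
            "enabled": m["state"] == "Enabled",
        })
    return rows

def audit(rows):
    """Flag rows where detection is off, or on with no prevention action."""
    findings = []
    for r in rows:
        if not r["enabled"]:
            findings.append((r["type"], "global detection disabled"))
        elif not r["actions"]:
            findings.append((r["type"], "detection enabled, no action configured"))
    return findings

if __name__ == "__main__":
    for flood_type, issue in audit(parse_flood_rows(SAMPLE)):
        print(f"{flood_type}: {issue}")
```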
# Display brief information about all attack defense policies.
```
<Sysname> display attack-defense policy
           Attack-defense Policy Brief Information
------------------------------------------------------------
Policy Name                        Applied list
P2                                 None
p1                                 Local
p12                                Local
```
Table 72: Command output
Field | Description |
---|---|
Policy name | Name of the attack defense policy. |
Applied list | Locations to which the attack defense policy is applied. Local indicates that the policy is applied to the device. |
Related commands
attack-defense policy