display attack-defense policy ip

Use display attack-defense policy ip to display information about IPv4 addresses protected by flood attack detection and prevention.

Syntax

In standalone mode:

display attack-defense policy policy-name { ack-flood | dns-flood | fin-flood | flood | http-flood | icmp-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } ip [ ip-address [ vpn vpn-instance-name ] ] [ slot slot-number ] [ count ]

In IRF mode:

display attack-defense policy policy-name { ack-flood | dns-flood | fin-flood | flood | http-flood | icmp-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } ip [ ip-address [ vpn vpn-instance-name ] ] [ chassis chassis-number slot slot-number ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

policy-name: Specifies an attack defense policy by its name. The policy name is a case-insensitive string of 1 to 31 characters. Valid characters include uppercase and lowercase letters, digits, underscores (_), and hyphens (-).

ack-flood: Specifies ACK flood attack.

dns-flood: Specifies DNS flood attack.

fin-flood: Specifies FIN flood attack.

flood: Specifies all IPv4 flood attacks.

http-flood: Specifies HTTP flood attack.

icmp-flood: Specifies ICMP flood attack.

rst-flood: Specifies RST flood attack.

syn-ack-flood: Specifies SYN-ACK flood attack.

syn-flood: Specifies SYN flood attack.

udp-flood: Specifies UDP flood attack.

ip-address: Specifies a protected IPv4 address. If you do not specify an IPv4 address, this command displays information about all protected IPv4 addresses.

vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the IPv4 address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Do not specify this option if the IPv4 address is on the public network.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information about IPv4 addresses protected by flood attack detection and prevention for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information about IPv4 addresses protected by flood attack detection and prevention for all cards. (In IRF mode.)

count: Displays the number of matching IPv4 addresses protected by flood attack detection and prevention.

Examples

# (In standalone mode.) Display information about all IPv4 addresses protected by flood attack detection and prevention in attack defense policy abc.

<Sysname> display attack-defense policy abc flood ip
Slot 1:
IP address      VPN instance     Type          Rate threshold(PPS) Dropped
123.123.123.123 --               SYN-ACK-FLOOD 100                 4294967295
201.55.7.45     --               ICMP-FLOOD    100                 10
192.168.11.5    --               DNS-FLOOD     23                  100
Slot 2:
IP address      VPN instance     Type          Rate threshold(PPS) Dropped

# (In standalone mode.) Display the number of IPv4 addresses protected by flood attack detection and prevention in attack defense policy abc.

<Sysname> display attack-defense policy abc flood ip count
Slot 1:
Totally 3 flood protected IP addresses.
Slot 2:
Totally 0 flood protected IP addresses.

Table 73: Command output

Field: Description

Totally 3 flood protected IP addresses: Total number of the IPv4 addresses protected by flood attack detection and prevention.

IP address: Protected IPv4 address.

VPN instance: MPLS L3VPN instance to which the protected IPv4 address belongs. If the protected IPv4 address is on the public network, this field displays hyphens (--).

Type: Type of the flood attack.

Rate threshold(PPS): Threshold for triggering the flood attack prevention, in units of packets sent to the IP address per second. If no rate threshold is set, this field displays a hyphen (-).

Dropped: Number of dropped attack packets. If the prevention action is logging, this field displays 0.
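The following Python sketch is an added example, not part of the vendor documentation. It parses the standalone-mode output shown above into records and sorts them for review, using the field meanings from the command output table. It assumes VPN instance names contain no whitespace, handles only the "Slot N:" headings shown on this page, and treats a Dropped value of 4294967295 as a possibly saturated 32-bit counter; the names parse_flood_ip and triage are hypothetical.

```python
import re

# Sample text copied from the standalone-mode example output on this page.
SAMPLE = """\
Slot 1:
IP address      VPN instance     Type          Rate threshold(PPS) Dropped
123.123.123.123 --               SYN-ACK-FLOOD 100                 4294967295
201.55.7.45     --               ICMP-FLOOD    100                 10
192.168.11.5    --               DNS-FLOOD     23                  100
Slot 2:
IP address      VPN instance     Type          Rate threshold(PPS) Dropped
"""

U32_MAX = 2**32 - 1  # assumption: Dropped is a 32-bit counter that stops here
SLOT_RE = re.compile(r"^Slot\s+(\d+):")
# ip, VPN instance (or "--"), type, threshold (or "-"), dropped
ROW_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+(\S+-FLOOD)\s+(\d+|-)\s+(\d+)\s*$")

def parse_flood_ip(text):
    """Return one dict per protected IPv4 address, tagged with its slot."""
    rows, slot = [], None
    for line in text.splitlines():
        m = SLOT_RE.match(line)
        if m:
            slot = int(m.group(1))
            continue
        m = ROW_RE.match(line)
        if not m:
            continue  # column header, prompt, count line, or blank
        ip, vpn, kind, thresh, dropped = m.groups()
        rows.append({
            "slot": slot, "ip": ip, "type": kind,
            "vpn": None if vpn == "--" else vpn,  # "--": public network
            "threshold_pps": None if thresh == "-" else int(thresh),  # "-": not set
            "dropped": int(dropped),
        })
    return rows

def triage(rows):
    """Group rows by what a reviewer would check. Dropped stays 0 when the
    prevention action is logging, so 0 does not mean no attack traffic."""
    return {
        "dropping": [r for r in rows if r["dropped"] > 0],
        "counter_at_max": [r for r in rows if r["dropped"] == U32_MAX],
        "no_threshold": [r for r in rows if r["threshold_pps"] is None],
    }

if __name__ == "__main__":
    for name, hits in triage(parse_flood_ip(SAMPLE)).items():
        print(name, [(r["slot"], r["ip"], r["type"]) for r in hits])
```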