display attack-defense statistics local

Use display attack-defense statistics local to display attack detection and prevention statistics for the device.

Syntax

In standalone mode:

display attack-defense statistics local [ slot slot-number ]

display attack-defense statistics local [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays attack detection and prevention statistics for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays attack detection and prevention statistics for all cards. (In IRF mode.)

Examples

# (In standalone mode.) Display attack detection and prevention statistics for the device.

<Sysname> display attack-defense statistics local
Attack policy name: abc
Slot 1:
Scan attack defense statistics:
 AttackType                          AttackTimes Dropped
 Port scan                           2           23
 IP sweep                            3           33
 Distribute port scan                1           10
Flood attack defense statistics:
 AttackType                          AttackTimes Dropped
 SYN flood                           1           0
 ACK flood                           1           0
 SYN-ACK flood                       3           5000
 RST flood                           2           0
 FIN flood                           2           0
 UDP flood                           1           0
 ICMP flood                          1           0
 ICMPv6 flood                        1           0
 DNS flood                           1           0
 HTTP flood                          1           0
Signature attack defense statistics:
 AttackType                          AttackTimes Dropped
 IP option record route              1           100
 IP option security                  2           0
 IP option stream ID                 3           0
 IP option internet timestamp        4           1
 IP option loose source routing      5           0
 IP option strict source routing     6           0
 IP option route alert               3           0
 Fragment                            1           0
 Impossible                          1           1
 Teardrop                            1           1
 Tiny fragment                       1           0
 IP options abnormal                 3           0
 Smurf                               1           0
 Ping of death                       1           0
 Traceroute                          1           0
 Large ICMP                          1           0
 TCP NULL flag                       1           0
 TCP all flags                       1           0
 TCP SYN-FIN flags                   1           0
 TCP FIN only flag                   1           0
 TCP invalid flag                    1           0
 TCP Land                            1           0
 Winnuke                             1           0
 UDP Bomb                            1           0
 Snork                               1           0
 Fraggle                             1           0
 Large ICMPv6                        1           0
 ICMP echo request                   1           0
 ICMP echo reply                     1           0
 ICMP source quench                  1           0
 ICMP destination unreachable        1           0
 ICMP redirect                       2           0
 ICMP time exceeded                  3           0
 ICMP parameter problem              4           0
 ICMP timestamp request              5           0
 ICMP timestamp reply                6           0
 ICMP information request            7           0
 ICMP information reply              4           0
 ICMP address mask request           2           0
 ICMP address mask reply             1           0
 ICMPv6 echo request                 1           1
 ICMPv6 echo reply                   1           1
 ICMPv6 group membership query       1           0
 ICMPv6 group membership report      1           0
 ICMPv6 group membership reduction   1           0
 ICMPv6 destination unreachable      1           0
 ICMPv6 time exceeded                1           0
 ICMPv6 parameter problem            1           0
 ICMPv6 packet too big               1           0
Slot 2:
Scan attack defense statistics:
 AttackType                          AttackTimes Dropped
 Port scan                           4           46
 IP sweep                            2           28
 Distribute port scan                1           10
Flood attack defense statistics:
 AttackType                          AttackTimes Dropped
 SYN flood                           1           0
 ACK flood                           1           0
 SYN-ACK flood                       2           4200
 RST flood                           2           0
 FIN flood                           2           20
 UDP flood                           1           0
 ICMP flood                          1           0
 ICMPv6 flood                        1           0
 DNS flood                           1           0
 HTTP flood                          1           0
Signature attack defense statistics:
 AttackType                          AttackTimes Dropped
 IP option record route              2           230
 IP option security                  2           0
 IP option stream ID                 3           0
 IP option internet timestamp        4           1
 IP option loose source routing      5           0
 IP option strict source routing     2           0
 IP option route alert               3           12 
 Fragment                            1           0
 Impossible                          1           1
 Teardrop                            1           1
 Tiny fragment                       1           0
 IP options abnormal                 3           0
 Smurf                               1           0
 Ping of death                       1           0
 Traceroute                          1           0
 Large ICMP                          1           0
 TCP NULL flag                       1           0
 TCP all flags                       1           0
 TCP SYN-FIN flags                   1           0
 TCP FIN only flag                   1           0
 TCP invalid flag                    1           0
 TCP Land                            1           0
 Winnuke                             1           0
 UDP Bomb                            1           0
 Snork                               1           0 
 Fraggle                             1           0
 Large ICMPv6                        1           0 
 ICMP echo request                   1           0
 ICMP echo reply                     1           0
 ICMP source quench                  1           0
 ICMP destination unreachable        1           0
 ICMP redirect                       2           3
 ICMP time exceeded                  3           0
 ICMP parameter problem              4           0
 ICMP timestamp request              5           0
 ICMP timestamp reply                6           0
 ICMP information request            7           0
 ICMP information reply              4           0
 ICMP address mask request           2           0
 ICMP address mask reply             1           0
 ICMPv6 echo request                 1           1
 ICMPv6 echo reply                   1           1
 ICMPv6 group membership query       1           0
 ICMPv6 group membership report      1           0
 ICMPv6 group membership reduction   1           0
 ICMPv6 destination unreachable      1           0
 ICMPv6 time exceeded                1           0
 ICMPv6 parameter problem            1           0
 ICMPv6 packet too big               1           0

Table 79: Command output

Field

Description

AttackType

Type of the attack.

AttackTimes

Number of times that the attack occurred.

This command output displays only attacks that are detected.

Dropped

Number of dropped packets.

ICMPv6 flood

ICMPv6 flood attack. This field is not displayed when no ICMPv6 flood attack is detected.

Large ICMPv6

Large ICMPv6 attack. This field is not displayed when no large ICMPv6 attack is detected.

ICMPv6 echo request

ICMPv6 echo request attack. This field is not displayed when no ICMPv6 echo request attack is detected.

ICMPv6 echo reply

ICMPv6 echo reply attack. This field is not displayed when no ICMPv6 echo reply attack is detected.

ICMPv6 group membership query

ICMPv6 group membership query attack. This field is not displayed when no ICMPv6 group membership query attack is detected.

ICMPv6 group membership report

ICMPv6 group membership report attack. This field is not displayed when no ICMPv6 group membership report attack is detected.

ICMPv6 group membership reduction

ICMPv6 group membership reduction attack. This field is not displayed when no ICMPv6 group membership reduction attack is detected.

ICMPv6 destination unreachable

ICMPv6 destination unreachable attack. This field is not displayed when no ICMPv6 destination unreachable attack is detected.

ICMPv6 time exceeded

ICMPv6 time exceeded attack. This field is not displayed when no ICMPv6 time exceeded attack is detected.

ICMPv6 parameter problem

ICMPv6 parameter problem attack. This field is not displayed when no ICMPv6 parameter problem attack is detected.

ICMPv6 packet too big

ICMPv6 packet too big attack. This field is not displayed when no ICMPv6 packet too big attack is detected.

Related commands

reset attack-defense statistics local