[x]

Attack detection and prevention commands > icmp-flood detect ip

 

 Next

icmp-flood detect ip

Use icmp-flood detect ip to configure IP address-specific ICMP flood attack detection.

Use undo icmp-flood detect ip to remove the IP address-specific ICMP flood attack detection configuration.

Syntax

icmp-flood detect ip ip-address [ vpn-instance vpn-instance-name ] [ threshold threshold-value ] [ action { { drop | logging } * | none } ]

undo icmp-flood detect ip ip-address [ vpn-instance vpn-instance-name ]

Default

IP address-specific ICMP flood attack detection is not configured.

Views

Attack defense policy view

Predefined user roles

network-admin

mdc-admin

Parameters

ip-address: Specifies the IPv4 address to be protected. The ip-address argument cannot be all 1s or 0s.

vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the protected IP address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Do not specify this option if the protected IP address is on the public network.

threshold threshold-value: Specifies the threshold for triggering ICMP flood attack prevention. The value range is 1 to 1000000 in units of ICMP packets sent to the specified IP address per second.

action: Specifies the actions when an ICMP flood attack is detected. If no action is specified, the global actions set by the icmp-flood action command apply.

drop: Drops subsequent ICMP packets destined for the protected IP address.

logging: Enables logging for ICMP flood attack events.

none: Takes no action.

Usage guidelines

With ICMP flood attack detection configured for an IP address, the device is in attack detection state. When the sending rate of ICMP packets to the IP address reaches the threshold, the device enters prevention state and takes the specified actions. When the rate is below the silence threshold (three-fourths of the threshold), the device returns to the attack detection state.

You can configure ICMP flood attack detection for multiple IP addresses in one attack defense policy.

Examples

# Configure ICMP flood attack detection for 192.168.1.2 in attack defense policy atk-policy-1.

<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] icmp-flood detect ip 192.168.1.2 threshold 2000

Related commands

icmp-flood action

icmp-flood detect non-specific

icmp-flood threshold

prev

 

up

 next

icmp-flood action 

home

 icmp-flood detect non-specific

© Copyright 2018 Hewlett Packard Enterprise Development LP