icmp-flood threshold
Use icmp-flood threshold to set the global threshold for triggering ICMP flood attack prevention.
Use undo icmp-flood threshold to restore the default.
Syntax
icmp-flood threshold threshold-value
undo icmp-flood threshold
Default
The global threshold is 1000 for triggering ICMP flood attack prevention.
Views
Attack defense policy view
Predefined user roles
network-admin
mdc-admin
Parameters
threshold-value: Specifies the threshold value. The value range is 1 to 1000000 in units of ICMP packets sent to an IP address per second.
Usage guidelines
With global ICMP flood attack detection configured, the device is in attack detection state. When the sending rate of ICMP packets to an IP address reaches the threshold, the device enters prevention state and takes the specified actions. When the rate is below the silence threshold (three-fourths of the threshold), the device returns to the attack detection state.
The global threshold applies to global ICMP flood attack detection. Adjust the threshold according to the application scenarios. If the number of ICMP packets sent to a protected server, such as an HTTP or FTP server, is normally large, set a large threshold. A small threshold might affect the server services. For a network that is unstable or susceptible to attacks, set a small threshold.
Examples
# Set the global threshold to 100 for triggering ICMP flood attack prevention in attack defense policy atk-policy-1.
<Sysname> system-view [Sysname] attack-defense policy atk-policy-1 [Sysname-attack-defense-policy-atk-policy-1] icmp-flood threshold 100
Related commands
icmp-flood action
icmp-flood detect ip
icmp-flood detect non-specific