signature level action

Use signature level action to specify the actions against single-packet attacks on a specific level.

Use undo signature level action to restore the default.


Syntax

signature level { high | info | low | medium } action { { drop | logging } * | none }

undo signature level { high | info | low | medium } action


Default

For informational-level and low-level single-packet attacks, the action is logging.

For medium-level and high-level single-packet attacks, the actions are logging and drop.


Views

Attack defense policy view

Predefined user roles




Parameters

high: Specifies the high level. None of the currently supported single-packet attacks belongs to this level.

info: Specifies the informational level. For example, large ICMP packet attack is on this level.

low: Specifies the low level. For example, the traceroute attack is on this level.

medium: Specifies the medium level. For example, the WinNuke attack is on this level.

drop: Drops packets that match the specified level.

logging: Enables logging for single-packet attacks on the specified level.

none: Takes no action.

Usage guidelines

According to their severity, single-packet attacks are divided into four levels: info, low, medium, and high. Enabling signature detection for a specific level enables signature detection for all single-packet attacks on that level.

If you also enable signature detection for a single-packet attack by using the signature detect command, the action parameters in the signature detect command take effect.


Examples

# Specify the action against informational-level single-packet attacks as drop in attack defense policy atk-policy-1.

<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] signature level info action drop
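The precedence rule from the usage guidelines, shown as an added configuration sketch that is not part of the original command reference. The winnuke keyword and the action argument of signature detect are assumptions, because this page does not show that command's syntax; the policy number follows the example above.

```text
<Sysname> system-view
[Sysname] attack-defense policy 1
# Enable detection for every medium-level single-packet attack.
[Sysname-attack-defense-policy-1] signature level medium detect
# Level-wide action: log and drop medium-level attacks.
[Sysname-attack-defense-policy-1] signature level medium action logging drop
# Per-signature setting (assumed syntax): its action overrides the level action,
# so WinNuke packets are logged but no longer dropped.
[Sysname-attack-defense-policy-1] signature detect winnuke action logging
```

When auditing a policy, check each signature detect line as well as the level actions, because a per-signature action of logging or none removes the drop that the level action would otherwise apply.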

Related commands

signature detect

signature level detect