signature level detect

Use signature level detect to enable signature detection for single-packet attacks on a specific level.

Use undo signature level detect to disable signature detection for single-packet attacks on a specific level.

Syntax

signature level { high | info | low | medium } detect

undo signature level { high | info | low | medium } detect

Default

Signature detection is disabled for all levels of single-packet attacks.

Views

Attack defense policy view

Predefined user roles

network-admin

mdc-admin

Parameters

high: Specifies the high level. None of the currently supported single-packet attacks belongs to this level.

info: Specifies the informational level. For example, large ICMP packet attack is on this level.

low: Specifies the low level. For example, the traceroute attack is on this level.

medium: Specifies the medium level. For example, the WinNuke attack is on this level.

Usage guidelines

According to their severity, single-packet attacks are divided into four levels: info, low, medium, and high. Enabling signature detection for a specific level enables signature detection for all single-packet attacks on that level. Use the signature level action command to specify the actions against single-packet attacks on a specific level. If you enable signature detection for a single-packet attack also by using the signature detect command, action parameters in the signature detect command take effect.

To display the level to which a single-packet attack belongs, use the display attack-defense policy command.

Examples

# Enable signature detection for informational-level single-packet attacks in attack defense policy atk-policy-1.

<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] signature level info detect

Related commands

display attack-defense policy

signature detect

signature level action