syn-ack-flood action
Use syn-ack-flood action to specify global actions against SYN-ACK flood attacks.
Use undo syn-ack-flood action to restore the default.
Syntax
syn-ack-flood action { drop | logging }*
undo syn-ack-flood action
Default
No global action is specified for SYN-ACK flood attacks.
Views
Attack defense policy view
Predefined user roles
network-admin
mdc-admin
Parameters
drop: Drops subsequent SYN-ACK packets destined for the victim IP addresses.
logging: Enables logging for SYN-ACK flood attack events.
Examples
# Specify drop as the global action against SYN-ACK flood attacks in attack defense policy atk-policy-1.
<Sysname> system-view [Sysname] attack-defense policy atk-policy-1 [Sysname-attack-defense-policy-atk-policy-1] syn-ack-flood action drop
Related commands
syn-ack-flood detect
syn-ack-flood detect non-specific
syn-ack-flood threshold