< Home

anti-attack tcp-syn car

Function

The anti-attack tcp-syn car command sets the rate limit at which TCP SYN packets are received.

The undo anti-attack tcp-syn car command restores the default rate limit at which TCP SYN packets are received.

By default, the rate limit at which TCP SYN packets are received is 155000000 bit/s.

Format

anti-attack tcp-syn car cir cir

undo anti-attack tcp-syn car

Parameters

Parameter

Description

Value
cir cir

Specifies the committed information rate (CIR) at which TCP SYN packets are received.

The value is an integer that ranges from 8000 to 155000000, in bit/s.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After defense against TCP SYN flood attacks is enabled, run the anti-attack tcp-syn car command to set the rate limit at which TCP SYN packets are received. If the rate of received TCP SYN attack packets exceeds the rate limit, the device discards excess TCP SYN flood attack packets to ensure that the device CPU works properly.

Prerequisites

Defense against TCP SYN flood attacks has been enabled using the anti-attack tcp-syn enable command.

Example

# Set the rate limit at which TCP SYN packets are received to 8000 bit/s.

<HUAWEI> system-view
[HUAWEI] anti-attack tcp-syn enable
[HUAWEI] anti-attack tcp-syn car cir 8000
Parent Topic: Attack Defense Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >