< Home

Configuring Defense Against ICMP Flood Attacks

Context

If an attacker sends a large number of ICMP Echo packets to a target host in a short time, the target host is busy with these ICMP packets and cannot process normal services. To prevent ICMP flood attacks, enable defense against ICMP flood attacks.

After defense against ICMP flood attacks is enabled, set the rate limit for ICMP flood attack packets.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run anti-attack icmp-flood enable

    Defense against ICMP flood attacks is enabled.

    By default, defense against ICMP flood attacks is enabled.

    You can also run the anti-attack enable command in the system view to enable attack defense against all attack packets including malformed packets.

  3. Run anti-attack icmp-flood car cir cir

    The rate limit of ICMP flood attack packets is set.

    By default, the rate limit of ICMP flood attack packets is 155000000 bit/s.

Parent Topic: Configuring Defense Against Flood Attacks
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >