icmp-broadcast-address-echo enable

Function

The icmp-broadcast-address-echo enable command enables the system to receive broadcast ICMP echo request packets.

The undo icmp-broadcast-address-echo enable command disables the system from receiving broadcast ICMP echo request packets.

By default, the system is disabled from receiving broadcast ICMP echo request packets.

Format

icmp-broadcast-address-echo enable

undo icmp-broadcast-address-echo enable

Parameters

None

Views

Attack defense policy view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
cpu-defend write

Usage Guidelines

Usage Scenario

A device drops ICMP echo request packets that carry broadcast addresses (including subnet broadcast and network broadcast addresses) as destination IP addresses by default. When the device is required to normally process broadcast ICMP echo request packets, run the icmp-broadcast-address-echo enable command to enable the device to receive broadcast ICMP echo request packets.

When the device receives a large number of broadcast ICMP echo request packets, you can disable the device from receiving broadcast ICMP echo request packets to reduce the load of the device and prevent Smurf attacks.

In VS mode, this command is supported only by the admin VS.

Example

# Enable the system to receive broadcast ICMP echo request packets.
<HUAWEI> system-view
[~HUAWEI] cpu-defend policy 8
[*HUAWEI-cpu-defend-policy-8] icmp-broadcast-address-echo enable
Parent Topic: Local Attack Defense Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >