Table of Contents
Advertisement
>ipf flowtrack set -r
Refresh the flowstate ok
> ipf flowtrack view -f
Start to show the flowtrack sessions state:
T
e
l
n
e
t
C
o
m
m
T
e
l
n
e
t
C
o
m
m
This command allows users to configure the settings for DoS defense system.
S
y
n
t
a
x
S
y
n
t
a
x
ddos [-V | D | A]
ddos [-s ATTACK_F [THRESHOLD][ TIMEOUT]]
ddos [-a | e [ATTACK_F][ATTACK_0] | d [ATTACK_F][ATTACK_0]]
S
y
n
t
a
x
S
y
n
t
a
x
Parameter
-V
-D
-A
-s
ATTACK_F
THRESHOLD
TIMEOUT
-a
-e
ATTACK_0
-d
E
x
a
m
p
l
E
x
a
m
p
> ddos -A
The DoS Denfense system is Activated
> ddos -s synflood 50 10
synflood is enabled! Treshold=50 (pkt/sec) timeout=10 (pkt/sec)
T
e
l
n
e
t
C
o
m
m
T
e
l
n
e
t
C
o
m
m
This command allows users to set the URL access control.
S
y
n
t
a
x
S
y
n
t
a
x
urlf blist [noip]
118
a
n
d
:
d
d
o
s
a
n
d
:
d
d
o
s
D
e
s
c
r
i
p
t
i
o
n
D
e
s
c
r
i
p
t
i
o
n
Description
It means to view the configuration of DoS defense system.
It means to deactivate the DoS defense system.
It means to activate the DoS defense system.
It means to enable the defense function for a specific attack and set
its parameter(s).
It means to specify the name of flooding attack(s) or portscan, e.g.,
synflood, udpflood, icmpflood, or postscan.
It means the packet rate (packet/second) that a flooding attack will
be detected. Set a value larger than 20.
It means the time (seconds) that a flooding attack will be blocked.
Set a value larger than 5.
It means to enable the defense function for all attacks listed in
ATTACK_0.
It means to enable defense function for a specific attack(s).
It means to specify a name of the following attacks: ip_option,
tcp_flag, land, teardrop, smurf, pingofdeath, traceroute,
icmp_frag, syn_frag, unknow_proto, fraggle.
It means to disable the defense function for a specific attack(s).
e
l
e
a
n
d
:
u
r
l
f
b
l
i
s
t
a
n
d
:
u
r
l
f
b
l
i
s
t
Vigor122 User's Guide
Advertisement
Table of Contents
