Display and maintenance commands for attack detection and prevention
Use the display commands in any view and the reset commands in user view.
To display and maintain attack detection and prevention:
Task | Command |
|---|---|
Display flood attack detection and prevention statistics for an IPv4 address. | display attack-defense { ack-flood | dns-flood | fin-flood | flood | http-flood | icmp-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } statistics ip [ ip-address [ vpn vpn-instance-name ] ] [ [ local ] [ slot slot-number ] ] [ count ] |
Display flood attack detection and prevention statistics for an IPv6 address. | display attack-defense { ack-flood | dns-flood | fin-flood | flood | http-flood | icmpv6-flood | rst-flood | syn-flood | syn-ack-flood | udp-flood } statistics ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ [ local ] [ slot slot-number ] ] [ count ] |
Display attack defense policy configuration. | display attack-defense policy [ policy-name ] |
Display information about IPv4 addresses protected by flood attack detection and prevention. | display attack-defense policy policy-name { ack-flood | dns-flood | fin-flood | flood | http-flood | icmp-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } ip [ ip-address [ vpn vpn-instance-name ] ] [ slot slot-number ] [ count ] |
Display information about IPv6 addresses protected by flood attack detection and prevention. | display attack-defense policy policy-name { ack-flood | dns-flood | fin-flood | flood | http-flood | icmpv6-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ slot slot-number ] ] [ count ] |
Display information about IPv4 scanning attackers. | display attack-defense scan attacker ip [ [ local ] [ slot slot-number ] ] [ count ] |
Display information about IPv6 scanning attackers. | display attack-defense scan attacker ipv6 [ [ local ] [ slot slot-number ] ] [ count ] |
Display information about IPv4 scanning attack victims. | display attack-defense scan victim ip [ [ local ] [ slot slot-number ] ] [ count ] |
Display information about IPv6 scanning attack victims. | display attack-defense scan victim ipv6 [ [ local ] [ slot slot-number ] ] [ count ] |
Display attack detection and prevention statistics on an interface. | display attack-defense statistics interface interface-type interface-number [ slot slot-number ] |
Display attack detection and prevention statistics for the device. | display attack-defense statistics local [ slot slot-number ] |
Display manually added IPv4 blacklist entries. | display blacklist ip [ source-ip-address [ vpn-instance vpn-instance-name ] [ ds-lite-peer ds-lite-peer-address ] | count ] |
Display manually added IPv6 blacklist entries. | display blacklist ipv6 [ source-ipv6-address [ vpn-instance vpn-instance-name ] | count ] |
Display trusted IPv4 addresses for client verification. | display client-verify { dns | http | tcp } trusted ip [ ip-address [ vpn vpn-instance-name ] ] [ slot slot-number ] [ count ] |
Display trusted IPv6 addresses for client verification. | display client-verify { dns | http | tcp } trusted ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ slot slot-number ] ] [ count ] |
Clear flood attack detection and prevention statistics. | reset attack-defense policy policy-name flood protected { ip | ipv6 } statistics |
Clear attack detection and prevention statistics for the device. | reset attack-defense statistics local |
Clear dynamic IPv4 blacklist entries. | reset blacklist ip { source-ip-address [ vpn-instance vpn-instance-name ] [ ds-lite-peer ds-lite-peer-address ] | all } |
Clear dynamic IPv6 blacklist entries. | reset blacklist ipv6 { source-ipv6-address [ vpn-instance vpn-instance-name ] | all } |
Clear blacklist statistics. | reset blacklist statistics |