The anti-ddos sip-flood source-detect command enables the SIP flood attack defense.
The undo anti-ddos sip-flood source-detect command disables the SIP flood attack defense.
anti-ddos sip-flood source-detect [ alert-rate alert-rate ]
undo anti-ddos sip-flood source-detect
| Parameter | Description | Value |
|---|---|---|
| alert-rate alert-rate | Specifies the threshold of the SIP packet rate that triggers SIP flood attack defense. | The value in the system view is an integer ranging from 1 to 80000000, in pps. The default value is 2000. The value in the interface view is an integer ranging from 1 to 80000000, in pps. The default value is 500000. |
The command is available in the system view or interface view (Ethernet interface view, Ethernet sub-interface view, Layer-2 Ethernet interface view, Layer-2 Ethernet sub-interface view, Eth-Trunk interface view, Layer-2 Eth-Trunk interface view, Eth-Trunk sub-interface view, Layer-2 Eth-Trunk sub-interface view, Virtual interface view).
By default, the function is disabled.
If you run the anti-ddos sip-flood source-detect command in the system view, the global SIP flood attack defense is enabled. If you run the anti-ddos sip-flood source-detect command in the interface view, the interface-specific SIP flood attack defense is enabled.
The attack defense threshold obtained by the threshold learning function applies only to the global anti-DDoS defense. Therefore, you must run the anti-ddos sip-flood source-detect command in the interface view to manually set the threshold for the interface-specific SIP flood attack defense.
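The following session is an added example, not taken from the original reference, showing the command in both views. The device name `sysname`, the interface `GigabitEthernet 1/0/1` and the rate values 3000 and 10000 are assumptions chosen for illustration; lines starting with `#` are annotations, not commands.

```text
# Enable global SIP flood attack defense in the system view.
# alert-rate is optional; without it the system-view default of 2000 pps applies.
<sysname> system-view
[sysname] anti-ddos sip-flood source-detect alert-rate 3000

# Enable interface-specific defense. Threshold learning does not cover
# interfaces, so the rate is set by hand; without alert-rate the
# interface-view default of 500000 pps would apply.
[sysname] interface GigabitEthernet 1/0/1
[sysname-GigabitEthernet1/0/1] anti-ddos sip-flood source-detect alert-rate 10000
[sysname-GigabitEthernet1/0/1] quit

# Disable the global defense again.
[sysname] undo anti-ddos sip-flood source-detect
```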