The anti-ddos syn-flood source-detect command enables interface-based source authentication defense against SYN flood attacks and specifies the alarm threshold.
The undo anti-ddos syn-flood source-detect command disables interface-based source authentication defense against SYN flood attacks.
anti-ddos syn-flood source-detect [ alert-rate alert-rate ]
undo anti-ddos syn-flood source-detect
| Parameter | Description | Value |
|---|---|---|
| alert-rate alert-rate | Specifies the SYN packet rate threshold that triggers interface-based source authentication defense against SYN flood attacks. | The value is an integer ranging from 1 to 80000000, in pps. The default value is 500000. |
Ethernet interface view, Ethernet sub-interface view, Layer-2 Ethernet interface view, Layer-2 Ethernet sub-interface view, Eth-Trunk interface view, Layer-2 Eth-Trunk interface view, Eth-Trunk sub-interface view, Layer-2 Eth-Trunk sub-interface view, Virtual interface view
By default, the source authentication defense against SYN flood attacks is disabled.
After interface-based source authentication defense against SYN flood attacks is enabled, defense is triggered when the rate of all SYN packets (regardless of destination addresses) on an interface reaches alert-rate.
The attack defense threshold obtained by the threshold learning function takes effect only for the global anti-DDoS. Therefore, the threshold triggering interface-based source authentication defense against SYN flood attacks can only be manually configured using this command.
# Enable source authentication defense against SYN flood attacks on GigabitEthernet 0/0/1 so that SYN flood attack defense is triggered when the rate of SYN packets reaches 300,000 pps.
<sysname> system-view [sysname] interface GigabitEthernet 0/0/1 [sysname-GigabitEthernet0/0/1] anti-ddos syn-flood source-detect alert-rate 300000