The anti-ddos udp-flood relation-defend source-detect command enables the interface-specific UDP flood attack defense.
The undo anti-ddos udp-flood relation-defend source-detect command disables the interface-specific UDP flood attack defense.
```
anti-ddos udp-flood relation-defend source-detect [ alert-speed alert-speed ]
undo anti-ddos udp-flood relation-defend source-detect
```
| Parameter | Description | Value |
|---|---|---|
| alert-speed alert-speed | Specifies the threshold of the UDP packet rate that triggers UDP flood attack defense. | The value is an integer ranging from 1 to 10240, in Mbit/s. The default value is 850. |
Ethernet interface view, Ethernet sub-interface view, Layer-2 Ethernet interface view, Layer-2 Ethernet sub-interface view, Eth-Trunk interface view, Layer-2 Eth-Trunk interface view, Eth-Trunk sub-interface view, Layer-2 Eth-Trunk sub-interface view, Virtual interface view
By default, the function is disabled.
A FW uses source detection association defense to defend against UDP flood attacks. The FW checks whether the source IP address of UDP packets hits the whitelist established by other attack defense functions.
The attack defense threshold obtained by the threshold learning function takes effect only for global anti-DDoS defense. Therefore, you must use the anti-ddos udp-flood relation-defend source-detect command to manually set the threshold for the interface-specific UDP flood attack defense.
# Enable UDP flood attack defense on the GigabitEthernet 0/0/1 interface. Set the threshold of the UDP packet rate that triggers UDP flood attack defense to 100 Mbit/s.
```
<sysname> system-view
[sysname] interface GigabitEthernet 0/0/1
[sysname-GigabitEthernet0/0/1] anti-ddos udp-flood relation-defend source-detect alert-speed 100
```
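Because the learned threshold does not apply per interface, it helps to audit a saved configuration for interfaces where this defense is disabled, left at the 850 Mbit/s default, or set outside the 1 to 10240 range. The following is an added example, not vendor code; the sample configuration is constructed, and the stanza layout (interface blocks separated by `#`) and the function name `audit_udp_flood` are assumptions.

```python
import re

# Constructed sample of a saved configuration (not from the page). The stanza
# layout (interface blocks separated by "#") is an assumption about the export.
SAMPLE_CONFIG = """\
#
interface GigabitEthernet0/0/1
 ip address 192.0.2.1 255.255.255.0
 anti-ddos udp-flood relation-defend source-detect alert-speed 100
#
interface GigabitEthernet0/0/2
 anti-ddos udp-flood relation-defend source-detect
#
interface GigabitEthernet0/0/3
 ip address 198.51.100.1 255.255.255.0
#
interface GigabitEthernet0/0/4
 anti-ddos udp-flood relation-defend source-detect alert-speed 20000
#
"""

# Anchored at line start, so "undo anti-ddos ..." lines never match.
CMD = re.compile(r"^anti-ddos udp-flood relation-defend source-detect"
                 r"(?:\s+alert-speed\s+(\d+))?$")
DEFAULT_MBPS, MIN_MBPS, MAX_MBPS = 850, 1, 10240  # from the parameter table


def audit_udp_flood(config_text):
    """Return {interface: (status, threshold_mbps)} for every interface stanza."""
    results, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            results[current] = ("disabled", None)  # the function is off by default
        elif line == "#":
            current = None  # end of the current stanza
        elif current and (m := CMD.match(line)):
            if m.group(1) is None:
                results[current] = ("enabled-default", DEFAULT_MBPS)
            elif MIN_MBPS <= int(m.group(1)) <= MAX_MBPS:
                results[current] = ("enabled", int(m.group(1)))
            else:
                results[current] = ("out-of-range", int(m.group(1)))
    return results


if __name__ == "__main__":
    for name, (status, mbps) in audit_udp_flood(SAMPLE_CONFIG).items():
        print(f"{name:28} {status:16} {mbps if mbps is not None else '-'}")
```

Interfaces reported as `enabled-default` are the ones to review against the link's real UDP baseline, since 850 Mbit/s may never be reached on a lower-speed link.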