IP-based attack prevention commands
Naptha attack prevention commands
tcp anti-naptha enable
Use tcp anti-naptha enable to enable Naptha attack prevention.
Use undo tcp anti-naptha enable to disable Naptha attack prevention.
Syntax
tcp anti-naptha enable
undo tcp anti-naptha enable
Default
Naptha attack prevention is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
After you enable Naptha attack prevention, the device checks the number of TCP connections in each state. If the number of TCP connections in a state exceeds the limit, the device will accelerate the aging of the TCP connections in that state. The TCP connection limits are set by the tcp state command.
Examples
# Enable Naptha attack prevention.
<Sysname> system-view
[Sysname] tcp anti-naptha enable
Related commands
tcp state
tcp state
Use tcp state to set the maximum number of TCP connections in a state.
Use undo tcp state to restore the default.
Syntax
tcp state { closing | established | fin-wait-1 | fin-wait-2 | last-ack } connection-limit number
undo tcp state { closing | established | fin-wait-1 | fin-wait-2 | last-ack } connection-limit
Default
The maximum number of TCP connections in each state (CLOSING, ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, and LAST_ACK) is 50.
Views
System view
Predefined user roles
network-admin
Parameters
closing: Specifies the CLOSING state.
established: Specifies the ESTABLISHED state.
fin-wait-1: Specifies the FIN_WAIT_1 state.
fin-wait-2: Specifies the FIN_WAIT_2 state.
last-ack: Specifies the LAST_ACK state.
connection-limit number: Specifies the maximum number of TCP connections, in the range of 0 to 500. A value of 0 means that the device does not accelerate the aging of TCP connections in that state.
Usage guidelines
This command takes effect only after you enable Naptha attack prevention. If the number of TCP connections in a state exceeds the limit, the device will accelerate the aging of the TCP connections in that state.
Examples
# Set the maximum number of TCP connections in the ESTABLISHED state to 100.
<Sysname> system-view
[Sysname] tcp state established connection-limit 100
Related commands
tcp anti-naptha enable
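The following is an added example, not part of the original command reference and not the device's own code. It models, off-device, the behavior described in the usage guidelines of tcp anti-naptha enable and tcp state, so that a planned configuration can be checked against observed per-state connection counts. The function names, the sample configuration, and the sample counts are constructed for illustration, and it assumes that commands are applied in the order listed.

```python
import re

STATES = ("closing", "established", "fin-wait-1", "fin-wait-2", "last-ack")
DEFAULT_LIMIT = 50            # documented default for every state
LIMIT_RANGE = range(0, 501)   # documented range: 0 to 500

_STATE_RE = re.compile(
    r"^(undo\s+)?tcp state (%s) connection-limit(?:\s+(\d+))?$"
    % "|".join(map(re.escape, STATES)))

def effective_policy(config_lines):
    """Return (enabled, limits) after applying the commands in order."""
    enabled, limits = False, dict.fromkeys(STATES, DEFAULT_LIMIT)
    for raw in config_lines:
        line = " ".join(raw.split())          # normalize whitespace
        if line == "tcp anti-naptha enable":
            enabled = True
        elif line == "undo tcp anti-naptha enable":
            enabled = False
        elif (m := _STATE_RE.match(line)):
            undo, state, number = m.groups()
            if undo:                          # undo restores the default
                limits[state] = DEFAULT_LIMIT
            elif number is None or int(number) not in LIMIT_RANGE:
                raise ValueError(f"connection-limit must be 0-500: {line!r}")
            else:
                limits[state] = int(number)
    return enabled, limits

def states_with_accelerated_aging(config_lines, counts):
    """States whose connection count exceeds the configured limit."""
    enabled, limits = effective_policy(config_lines)
    if not enabled:
        return []   # tcp state limits apply only while the feature is enabled
    # A limit of 0 means aging is never accelerated for that state.
    return [s for s in STATES
            if limits[s] != 0 and counts.get(s, 0) > limits[s]]

# Constructed sample: planned configuration and observed per-state counts.
SAMPLE_CONFIG = [
    "tcp anti-naptha enable",
    "tcp state established connection-limit 100",
    "tcp state fin-wait-2 connection-limit 0",
]
SAMPLE_COUNTS = {"closing": 3, "established": 100, "fin-wait-1": 51,
                 "fin-wait-2": 400, "last-ack": 50}

if __name__ == "__main__":
    print(states_with_accelerated_aging(SAMPLE_CONFIG, SAMPLE_COUNTS))
```

In the sample, only FIN_WAIT_1 is over its limit: ESTABLISHED and LAST_ACK sit exactly at their limits, and FIN_WAIT_2 is exempt because its limit is 0.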