User guide
Security Security command reference
iMG/RG Software Reference Manual (IPNetwork Functions)
4-102
set here, the suspected attacker is blocked for the time limit specified in the command
SECURITY SET IDS DOSATTACKBLOCK.
For example, using the default settings, if more than 20 SYN packets are received per
second for a 10 second duration, the attacker is blocked.
Options The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).
Example --> security set IDS floodthreshold 25
4.2.7.1.55 SECURITY SET IDS PORTFLOODTHRESHOLD
Syntax SECURITY SET IDS PORTFLOODTHRESHOLD <MAX>
Description This command allows you to set the maximum number of SYN packets that can be sent
to a single port before a port flood is detected. If the number of SYN packets counted
within the time duration set by the command SECURITY SET IDS FLOODPERIOD is
greater than the maximum value set here, the suspected attacker is blocked for the time
limit specified in the command SECURITY SET IDS DOSATTACKBLOCK.
For example, using the default settings, if more than 10 SYN packets are received per
second for a 10 second duration, the attacker is blocked.
Options The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).
Example --> security set IDS portfloodthreshold 15
4.2.7.1.56 SECURITY SET IDS SCANPERIOD
Syntax SECURITY SET IDS SCANPERIOD <DURATION>
Option Description Default Value
max Maximum number of SYN packets that can be
received before a flood is detected.
20 (per second)
Option Description Default Value
max Maximum number of SYN packets that can be
received by a single port before a flood is
detected.
10 (per second)