EasyManuals Logo

HP MSR SERIES Command Reference

HP MSR SERIES
684 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #656 background imageLoading...
Page #656 background image
642
Use undo scan detect to restore the default.
Syntax
scan detect level { high | low | medium } action { { block-source [ timeout minutes ] | drop } | logging }
*
undo scan detect level { high | low | medium }
Default
Scanning attack detection is disabled.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
level: Specifies the level of the scanning attack detection.
low: Specifies the low level. This level provides basic scanning attack detection. It has a low false alarm
rate but many scanning attacks cannot be detected.
high: Specifies the high level. This level can detect most of the scanning attacks, but has a high false
alarm rate. Some packets from active hosts might be considered as attack packets.
medium: Specifies the medium level. Compared with the high and low levels, this level has a medium
false alarm rate and attack detection rate.
action: Specifies the actions against scanning attacks.
block-source: Adds the attackers' IP addresses to the blacklist. If the blacklist function is enabled on the
receiving interface, the device drops subsequent packets from the blacklisted IP addresses.
timeout minutes: Sets the aging timer in minutes for the dynamically added blacklist entries, in the range
of 1 to 1000. The default aging timer is 10 minutes.
drop: Drops subsequent packets from detected scanning attack sources.
logging: Enables logging for scanning attack events. The log information records the interface name,
victim IP address, MPLS L3VPN instance name, current packet statistics, prevention action, and start time
of the attack.
Usage guidelines
To configure the scanning attack detection to collaborate with the blacklist function, make sure of the
following items:
The block-source keyword is specified in the command.
The blacklist function is enabled on the interface to which the attack defense policy is applied. To
enable the blacklist function, use the blacklist enable command.
Examples
# Configure low level scanning attack detection in attack defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] scan detect level low action drop

Table of Contents

Other manuals for HP MSR SERIES

Preview: Configuration Guide
Configuration Guide889 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP MSR SERIES and is the answer not in the manual?

HP MSR SERIES Specifications

General IconGeneral
Product SeriesMSR Series
ManufacturerHP
CategoryNetwork Router
PortsVaries by model
WAN InterfacesVaries by model
LAN InterfacesVaries by model
VPN SupportYes
FirewallYes
DimensionsVaries by model
WeightVaries by model
Wireless SupportVaries by model
ManagementWeb-based, CLI
Power SupplyVaries by model
Operating Temperature0°C to 45°C
Storage Temperature-40°C to 70°C
Humidity5% to 95% non-condensing

Related product manuals