418
Step Command Remarks
2. Enter attack protection
policy view.
attack-defense policy
policy-number
N/A
3. Enable scanning attack
protection.
defense scan enable
Disabled by default.
4. Specify the connection
rate threshold that
triggers scanning attack
protection.
defense scan max-rate
rate-number
Optional.
4000 connections per second
by default.
5. Configure the blacklist
function for scanning
attack protection.
• Enable the blacklist function for
scanning attack protection:
defense scan add-to-blacklist
• Set the aging time for entries
blacklisted by the scanning attack
protection function:
defense scan blacklist-timeout
minutes
Optional.
By default:
• Blacklist function for
scanning attack protection
is disabled.
• The aging time for entries
blacklisted by the
scanning attack protection
function is 10 minutes.
6. Return to system view.
quit
N/A
7. Enable the blacklist
function.
blacklist enable
Required to make the blacklist
entries added by the scanning
attack protection function take
effect.
By default, the blacklist function
is disabled.
Configuring a flood attack protection policy
The flood attack protection function is used to protect servers. It detects various flood attacks by
monitoring the rate at which connection requests are sent to a server. The flood attack protection
function is usually applied to the interfaces connecting the internal network and inspects only
outbound packets of the interfaces.
With flood attack protection enabled, the device is in attack detection state. When the device detects
that the rate of sending connection requests to a server constantly reaches or exceeds the specified
action threshold, the device considers the server is under attack and enters the attack protection
state. Then, the device takes protection actions as configured (by default, the device only outputs
alarm logs, but can be configured to drop the subsequent connection request packets). When the
device detects that the packet sending rate to the server drops below the silence threshold, it
considers that the attack to the server is over, turns back to the attack detection state, and stops
taking the protection actions.
You can configure attack protection for specific IP addresses. For IP addresses for which you do not
configure attack protection specifically, the device uses the global attack protection settings.
To configure a SYN flood attack protection policy:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter attack protection
policy view.
attack-defense policy
policy-number
N/A
3. Enable SYN flood attack
protection.
defense syn-flood enable
Disabled by default.
To Next Page
Loading...
Need help?
General
