Configuration Guide Configuring WIDS
Check the SSID-based whitelist function. When the SSID-based whitelist is configured, STAs not included in the
SSID-based whitelist cannot join this SSID service.
Configuration Example
N/A
2.4.2 Configuring IDS
Configuration Effect
IDS can be used to timely find and defend against malicious or unintentional attacks in WLAN.
Notes
IDS needs to be used together with the dynamic blacklist function, to effectively prevent attacks against WLAN.
Configuration Steps
Specifying the IDS Type
(Optional) IDS is disabled by default.
attack-detection enable { all | ddos | flood | spoof | weak-iv }
ddos: Enables DDoS attack detection.
flood: Enables flooding attack detection.
spoof: Enables spoofing attack detection.
weak-iv: Enables Weak IV attack detection.
all: Enables all IDS attack detection.
All IDS attack detection is disabled by default.
Configuring DDoS Attack Detection
Optional.
To configure the thresholds and intervals of a specified type of packets in DDoS attack detection, the same as above.
attack-detection ddos { arp-threshold num| icmp-threshold num| syn-threshold num | interval time }
arp-threshold num: Indicates ARP packet threshold ranging from1 to 10,000 pps.
icmp-threshold num: Indicates ICMP packet threshold ranging from110,000 pps.
syn-threshold num: Indicates SYN packet threshold ranging from1 to 10,000 pps.
interval time: Indicates the period of DDoS attack detection ranging from 10 to 60 seconds.
By default, the interval of DDoS attack detection is 30 seconds, and the three DDoS attack detection
thresholds are 5 pps for ARPpackets, 100 pps for ICMPpackets, and 5 pps for SYNpackets.
To Next Page
Loading...
