Attack detection and prevention configuration task list

Tasks at a glance
(Required.) Configuring an attack defense policy:
• (Required.) Creating an attack defense policy
• (Required.) Perform at least one of the following tasks to configure attack detection:
  ◦ Configuring a single-packet attack defense policy
  ◦ Configuring a scanning attack defense policy
  ◦ Configuring a flood attack defense policy
• (Optional.) Configuring attack detection exemption
(Required.) Perform at least one of the tasks to apply an attack defense policy:
• Applying an attack defense policy to an interface
• Applying an attack defense policy to the device
(Optional.) Enabling log non-aggregation for single-packet attack events
(Optional.) Configuring TCP fragment attack prevention
(Optional.) Configuring the IP blacklist feature
(Optional.) Configuring login attack prevention
(Optional.) Enabling the login delay

Configuring an attack defense policy

Creating an attack defense policy
An attack defense policy can contain a set of attack detection and prevention configurations against multiple attacks.
To create an attack defense policy:

Step | Command | Remarks
--- | --- | ---
1. Enter system view. | system-view | N/A
2. Create an attack defense policy and enter its view. | attack-defense policy policy-name | By default, no attack defense policy exists.

Configuring a single-packet attack defense policy
Apply the single-packet attack defense policy to the interface that is connected to the external network.
Single-packet attack detection inspects incoming packets based on the packet signature. If an attack packet is detected, the device can take the following actions:
• Output logs (the default action).
• Drop attack packets.
You can also configure the device to not take any actions.
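
The following is an added example, not taken from the device documentation or its software: it models the single-packet inspection described above, with the three outcomes the text names (log by default, drop, or no action). The signature names (land, tcp-null-flag, tcp-syn-fin), the policy dictionary, and the sample packets are assumptions chosen for illustration; the page does not list the device's signatures.

```python
import ipaddress
import struct

DEFAULT_ACTIONS = frozenset({"logging"})  # the page: logging is the default action

def match_signature(pkt):
    """Return the name of the single-packet signature a raw IPv4 packet matches."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None                       # not a complete IPv4 header
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 6 or len(pkt) < ihl + 14:
        return None                       # only TCP signatures are modelled here
    if pkt[12:16] == pkt[16:20]:
        return "land"                     # source address equals destination
    flags = pkt[ihl + 13] & 0x3F
    if flags == 0:
        return "tcp-null-flag"            # no TCP flag set
    if flags & 0x03 == 0x03:
        return "tcp-syn-fin"              # SYN and FIN set together
    return None

def inspect(pkt, policy, log):
    """Apply the policy to one incoming packet; return True if it is forwarded."""
    sig = match_signature(pkt)
    if sig is None:
        return True
    actions = policy.get(sig, DEFAULT_ACTIONS)   # empty set means "no action"
    if "logging" in actions:
        log.append(f"{sig} from {ipaddress.IPv4Address(pkt[12:16])}")
    return "drop" not in actions

def ipv4_tcp(src, dst, flags):
    """Build a minimal IPv4+TCP packet (constructed sample data, checksums zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", 1025, 80, 0, 0, 0x50, flags, 8192, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    log = []
    land = ipv4_tcp("192.0.2.10", "192.0.2.10", 0x02)
    print(inspect(land, {}, log), log)                          # logged, still forwarded
    print(inspect(land, {"land": {"drop", "logging"}}, log))    # dropped
```

With an empty policy the matching packet is logged but still forwarded, so a log-only default detects the attack without preventing it.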