Command (continued):
record-route | route-alert | security | stream-id | strict-source-routing } [ action { { drop | logging } * | none } ]
• signature detect ipv6-ext-header ext-header-value [ action { { drop | logging } * | none } ]

Step 4. (Optional.) Set the maximum length of safe ICMP or ICMPv6 packets.
Command: signature { large-icmp | large-icmpv6 } max-length length
Remarks: By default, the maximum length of safe ICMP or ICMPv6 packets is 4000 bytes. A large ICMP or ICMPv6 attack occurs if an ICMP or ICMPv6 packet larger than the specified length is detected.

Step 5. (Optional.) Specify the actions against single-packet attacks of a specific level.
Command: signature level { high | info | low | medium } action { { drop | logging } * | none }
Remarks: The default action is logging for single-packet attacks of the informational and low levels. The default actions are logging and drop for single-packet attacks of the medium and high levels.

Step 6. (Optional.) Enable signature detection for single-packet attacks of a specific level.
Command: signature level { high | info | low | medium } detect
Remarks: By default, signature detection is disabled for all levels of single-packet attacks.

Configuring a scanning attack defense policy
Scanning attack detection monitors the rate at which connections are initiated to the device. If a source initiates connections at a rate equal to or exceeding the pre-defined threshold, the device can take the following actions:
• Output logs.
• Drop subsequent packets from the IP address of the attacker.
To configure a scanning attack defense policy:

Step 1. Enter system view.
Command: system-view
Remarks: N/A

Step 2. Enter attack defense policy view.
Command: attack-defense policy policy-name
Remarks: N/A

Step 3. Configure scanning attack detection.
Command: scan detect level { high | low | medium } action { drop | logging } *
Remarks: By default, scanning attack detection is not configured.
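
A small Python model of the scanning attack detection described above, added here as an illustration and not taken from the device or its documentation: it counts connection initiations per source and applies the logging and drop actions once the count is equal to or exceeds the threshold. The threshold number, the 1000 ms window, the sample addresses, and the names ScanDetector, run and EVENTS are assumptions; the page does not state the values behind the high, low and medium levels.

```python
from collections import defaultdict, deque

class ScanDetector:
    """Per-source connection-initiation rate check with logging/drop actions."""

    def __init__(self, threshold, window_ms=1000, actions=("logging",)):
        self.actions = set(actions)
        if not self.actions or self.actions - {"drop", "logging"}:
            raise ValueError("actions: one or both of 'drop', 'logging'")
        self.threshold = threshold    # initiations per window (assumed number)
        self.window_ms = window_ms    # measuring window (assumption)
        self.starts = defaultdict(deque)  # source -> recent initiation times
        self.blocked = set()          # sources whose packets are now dropped
        self.logs = []                # (time_ms, source, count) entries

    def packet(self, ts_ms, src, new_connection):
        """Return True if the packet is forwarded, False if it is dropped."""
        if src in self.blocked:
            return False              # "subsequent packets" from the attacker
        if not new_connection:
            return True               # only connection initiations are counted
        recent = self.starts[src]
        recent.append(ts_ms)
        while recent and ts_ms - recent[0] >= self.window_ms:
            recent.popleft()          # forget initiations outside the window
        if len(recent) >= self.threshold:   # "equal to or exceeding"
            if "logging" in self.actions:
                self.logs.append((ts_ms, src, len(recent)))
            if "drop" in self.actions:
                self.blocked.add(src)
            recent.clear()            # modelling choice: one log entry per burst
        return True

def run(events, **settings):
    """Feed events through a fresh detector; return (verdicts, log entries)."""
    det = ScanDetector(**settings)
    return [det.packet(*e) for e in events], det.logs

# Constructed traffic: (time_ms, source, starts_new_connection)
S, B = "198.51.100.7", "192.0.2.10"
EVENTS = [(0, S, True), (100, S, True), (150, B, True), (200, S, True),
          (300, S, True), (400, S, True), (500, S, True), (600, S, False),
          (900, B, True)]

if __name__ == "__main__":
    for acts in (("logging",), ("drop", "logging")):
        print(acts, run(EVENTS, threshold=5, actions=acts))
```

With logging alone the source is reported but every packet is still forwarded; adding drop forwards the packet that reaches the threshold and discards everything from that source afterwards.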