HP Comware 5 Debug Manual Vol 1

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution

111

112

113

114

115

116

117

118

119

120

Examples

# Enable attack protection error debugging. Output similar to the following example is generated when

the device detects a scanning attack sourced from 1.1.1.1 under the following conditions:

1. A scanning attack protection policy is configured on the device.

2. A blacklist entry is manually added for the IP address 1.1.1.1.

<Sysname> debugging attack-defense error

*Apr 10 21:07:53:78 2008 Sysname ATTACK/7/Attack-defend Error:

Failed to add 1.1.1.1 to blacklist for already existing.

// The device failed to add IP address 1.1.1.1 to the blacklist because the entry was already added

manually.

# Enable attack protection event debugging. Output similar to the following example is generated when

the device detects a Land attack under the following conditions:

•

A scanning attack protection policy is configured to prevent Land attacks on the device.

•

The blacklist function is enabled.

<Sysname> debugging attack-defense event

*Apr 10 21:07:53:125 2008 Sysname ATTACK/7/Attack-defend Event:

Attack begin.

Attack type: Scan

Interface: GigabitEthernet1/1

Action: drop packet and add source host to blacklist

IP address: 1.1.1.1

// The device detected a scanning attack on GigabitEthernet 1/1. The predefined protection action is to

add the attacker's IP address to the blacklist, and to drop packets from the attacker.

*Apr 10 21:07:53:172 2008 Sysname ATTACK/7/Attack-defend Error:

Success to add 1.1.1.1 to blacklist, aging time is 30(s).

// The device added 1.1.1.1 to the blacklist. The entry's aging time is 30 seconds.

*Apr 10 21:07:53:141 2008 Sysname ATTACK/7/Attack-defend Event:

Attack end.

Attack type: Scan

Interface: GigabitEthernet1/1

Action: none

IP address: 1.1.1.1

// The blacklist function took effect. GigabitEthernet 1/1 received no packets from 1.1.1.1. The scanning

attack was considered over.

*Apr 10 21:07:53:157 2008 Sysname ATTACK/7/Attack-defend Event:

Single packet attack.

Attack type: Land

Interface: GigabitEthernet1/1

Action: none

Source IP address: 1.1.1.1

Destination IP address: 1.1.3.2

// The device detected a Land attack on GigabitEthernet 1/1. The device only sent attack alarm logs to

the information center.

114