F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100

Step / Command / Remarks

2. Enter VD system view.
   Command: switchto vd vd-name
   Remarks: Required for a non-default VD.

3. Enter attack protection policy view.
   Command: attack-defense policy policy-number
   Remarks: N/A

4. Enable signature detection for single-packet attacks.
   Command: signature-detect { fraggle | icmp-redirect | icmp-unreachable | land | large-icmp | route-record | smurf | source-route | tcp-flag | tracert | winnuke } enable
   Remarks: By default, signature detection is disabled for all kinds of single-packet attacks.

5. Configure the ICMP packet length threshold that triggers large ICMP attack protection.
   Command: signature-detect large-icmp max-length length
   Remarks: Optional. 4000 bytes by default.

6. Configure the device to drop single-packet attack packets.
   Command: signature-detect action drop-packet
   Remarks: Optional. By default, the device only outputs alarm logs if it detects a single-packet attack.

NOTE: You can configure a maximum of 250 protected IP addresses for each security zone.
Configuring a scanning attack protection policy
The scanning attack protection function detects scanning attacks by monitoring the rate at which connections are established to the target systems. It is usually applied to security zones that connect to external networks and inspects only the inbound packets of those security zones. If the device detects that the rate at which an IP address initiates connections reaches or exceeds the pre-defined threshold, the device outputs alarm logs, drops subsequent packets received from that IP address, and, depending on your configuration, adds the IP address to the blacklist.
To configure a policy for preventing scanning attacks:

Step / Command / Remarks

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Enter VD system view.
   Command: switchto vd vd-name
   Remarks: Required for a non-default VD.

3. Enter attack protection policy view.
   Command: attack-defense policy policy-number
   Remarks: N/A

4. Enable scanning attack protection.
   Command: defense scan enable
   Remarks: Disabled by default.

5. Specify the connection rate threshold that triggers scanning attack protection.
   Command: defense scan max-rate rate-number
   Remarks: Optional. 4000 connections per second by default.
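The following command sequence is an added illustration, not taken from the guide, that combines the single-packet signature procedure and the scanning attack procedure above into one policy; the policy number 1, the VD name vd1 and the two threshold values are assumed for the example, and applying the policy to a security zone is not covered on this page.

```text
# Added example, not from the guide. Policy number, VD name and the
# numeric thresholds are assumed values; lines starting with "#" are
# annotations and are not typed into the CLI.

system-view
switchto vd vd1                               # required only for a non-default VD
attack-defense policy 1

# Single-packet signatures are all disabled by default, so each signature
# that should be detected has to be enabled explicitly.
signature-detect land enable
signature-detect smurf enable
signature-detect fraggle enable
signature-detect winnuke enable
signature-detect large-icmp enable
signature-detect large-icmp max-length 1500   # assumed value; default is 4000 bytes

# Without the next line the device only writes an alarm log and still
# forwards the matched packet; with it, matched packets are dropped.
signature-detect action drop-packet

# Scanning attack protection is disabled by default.
defense scan enable
defense scan max-rate 1000                    # assumed value; default is 4000 connections/second
```

With the defaults left in place (no signature enabled, no drop-packet action, scan detection off) the policy generates no alarms and drops nothing, so each of the three enabling steps above has to be present for the protection to take effect.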