HP VPN Firewall Appliances Attack Protection Command Reference

defense scan enable
defense scan max-rate
defense scan enable
Use defense scan enable to enable scanning attack protection.
Use undo defense scan enable to restore the default.
Syntax
defense scan enable
undo defense scan enable
Default
Scanning attack protection is disabled.
Views
Attack protection policy view
Default command level
2: System level
Usage guidelines
With scanning attack protection enabled, the device checks the connection rate per IP address. If the
connection rate of an IP address reaches or exceeds the threshold (set by the defense scan max-rate
command), the device considers the IP address a scanning attack source, outputs an attack alarm log,
and, depending on your configuration, can blacklist the IP address. Subsequent packets from the
blacklisted IP address are dropped.
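The rate check described in the usage guidelines above, modeled as an added Python example (not HP's code and not part of the original reference). The sliding one-second window, the counter reset after an alarm, and all class, function and parameter names are assumptions; the sample events are constructed and are replayed with a threshold of 5 instead of the 4000 default so the trace stays short.

```python
from collections import defaultdict, deque

DEFAULT_MAX_RATE = 4000  # connections per second: the default this page gives for max-rate


class ScanDefenseModel:
    """Simplified model of per-source scan detection; not the appliance's implementation."""

    def __init__(self, max_rate=DEFAULT_MAX_RATE, add_to_blacklist=False, window_ms=1000):
        self.max_rate = max_rate
        self.add_to_blacklist = add_to_blacklist   # models "depending on your configuration"
        self.window_ms = window_ms                 # assumption: sliding one-second window
        self.recent = defaultdict(deque)           # source IP -> recent connection times (ms)
        self.blacklist = set()
        self.alarms = []                           # (time_ms, source IP, connections in window)

    def on_connection(self, ts_ms, src_ip):
        """Return "drop" or "pass" for one new connection attempt."""
        if src_ip in self.blacklist:
            return "drop"                          # later packets from a blacklisted source
        q = self.recent[src_ip]
        q.append(ts_ms)
        while ts_ms - q[0] >= self.window_ms:
            q.popleft()                            # forget connections outside the window
        if len(q) >= self.max_rate:                # "reaches or exceeds" the threshold
            self.alarms.append((ts_ms, src_ip, len(q)))
            if self.add_to_blacklist:
                self.blacklist.add(src_ip)
            q.clear()                              # assumption: restart counting after an alarm
        return "pass"


def constructed_events():
    """Constructed sample traffic using documentation address ranges, not captured data."""
    scanner = [(i * 10, "198.51.100.7") for i in range(8)]    # 8 connections in 70 ms
    client = [(i * 300, "192.0.2.10") for i in range(8)]      # at most 4 per second
    return sorted(scanner + client)


def replay(events, **settings):
    """Feed (time_ms, source IP) events to a fresh model; return it with the verdicts."""
    model = ScanDefenseModel(**settings)
    verdicts = [model.on_connection(ts, ip) for ts, ip in events]
    return model, verdicts


if __name__ == "__main__":
    model, verdicts = replay(constructed_events(), max_rate=5, add_to_blacklist=True)
    print(model.alarms, sorted(model.blacklist), verdicts.count("drop"))
```

With blacklisting off, the same replay still raises the alarm but drops nothing, which is the behavior to expect when only defense scan enable is configured.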
Examples
# Enable scanning attack protection.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] defense scan enable
Related commands
blacklist enable
defense scan add-to-blacklist
defense scan blacklist-timeout
defense scan max-rate
defense scan max-rate
Use defense scan max-rate to specify the connection establishment rate threshold that triggers
scanning attack prevention.
Use undo defense scan max-rate to restore the default, which is 4000 connections per second.
Syntax
defense scan max-rate rate-number