Connection limit, Scanning detection, Configuring icmp flood detection – H3C Technologies H3C SecPath F1000-E User Manual
Connection limit
When an internal user initiates a large number of connections to a host on the external network in a short period of time, the system resources of the firewall are quickly exhausted and the firewall can no longer serve other users. Similarly, if an internal server receives a large number of connection requests in a short period of time, it cannot process normal connection requests from other hosts.
To protect internal network resources (hosts and servers) and distribute the firewall's resources reasonably, you can set connection limits for security zones based on source or destination IP address. When the limit for a source or destination IP address is reached or exceeded, the firewall outputs an alarm log and discards subsequent connection requests from or to that IP address.
Scanning detection
A scanning attack probes the addresses and ports on a network to identify the hosts attached to the network, the application ports open on those hosts, and the topology of the network, in preparation for further attacks.
Scanning detection identifies scanning attempts by tracking the rate at which connections are initiated to protected systems. It is usually deployed on the firewall for the external security zone and takes effect on packets arriving from that zone.
If the firewall detects that the connection rate of an IP address has reached or exceeded the threshold, it outputs an attack alarm log, blocks subsequent connection requests from the IP address, and blacklists the IP address, depending on your configuration.
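The rate-threshold logic described above, as an added illustration rather than H3C's own implementation: each source IP keeps a sliding window of connection attempts, and a source that reaches the threshold within the window raises an alarm, is blacklisted for a fixed period, and has its later connections dropped until the entry ages out. The threshold, window and block duration, and the sample connection attempts, are constructed values.

```python
from collections import defaultdict, deque

class ScanDetector:
    """Per-source-IP connection-rate tracker (hypothetical, not H3C code).
    A source reaching `threshold` new connections within `window` seconds
    raises an alarm and is blacklisted for `block_seconds`."""
    def __init__(self, threshold, window, block_seconds):
        self.threshold = threshold
        self.window = window
        self.block_seconds = block_seconds
        self._attempts = defaultdict(deque)  # src ip -> attempt times in window
        self._blacklist = {}                  # src ip -> blacklist expiry time
        self.alarms = []
    def is_blacklisted(self, ip, now):
        expiry = self._blacklist.get(ip)
        if expiry is None:
            return False
        if now >= expiry:  # entry aged out: the source is unblocked again
            del self._blacklist[ip]
            return False
        return True
    def handle(self, ip, now):
        """Return 'permit' or 'drop' for a new connection from ip at time now."""
        if self.is_blacklisted(ip, now):
            return "drop"
        q = self._attempts[ip]
        q.append(now)
        while q and now - q[0] > self.window:  # keep only attempts inside window
            q.popleft()
        if len(q) >= self.threshold:
            self.alarms.append(f"t={now}: {ip} opened {len(q)} connections in {self.window}s")
            self._blacklist[ip] = now + self.block_seconds
            q.clear()
            return "drop"
        return "permit"

# Constructed sample connection attempts: (time, src ip, dst ip, dst port).
SAMPLE = [
    (0.0, "10.1.1.5", "192.0.2.10", 21), (0.1, "10.1.1.5", "192.0.2.10", 22),
    (0.2, "10.1.1.5", "192.0.2.10", 23), (0.3, "10.1.1.5", "192.0.2.10", 25),
    (0.4, "10.1.1.5", "192.0.2.10", 80), (0.5, "10.1.1.5", "192.0.2.10", 443),
    (0.6, "10.1.1.7", "192.0.2.10", 443), (5.0, "10.1.1.7", "192.0.2.11", 22),
    (61.0, "10.1.1.5", "192.0.2.10", 80),
]

def run_sample(threshold=5, window=1.0, block_seconds=60.0):
    # Replay SAMPLE through one detector; return per-attempt verdicts and alarms.
    det = ScanDetector(threshold, window, block_seconds)
    verdicts = [(t, src, det.handle(src, t)) for t, src, _dst, _port in SAMPLE]
    return verdicts, det.alarms
```

In the sample, the fifth connection from 10.1.1.5 within one second trips the threshold, the next attempt is dropped as blacklisted, and the attempt at t=61 is permitted again because the 60-second block has expired.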
Configuring ICMP flood detection
NOTE:
ICMP flood detection is mainly intended to protect servers and is usually configured for an internal zone.
From the navigation tree, select Intrusion Detection > Traffic Abnormality > ICMP Flood to enter the ICMP flood detection configuration page, as shown in . You can select a security zone and then view and configure ICMP flood detection rules for the security zone.