Configuring dns flood detection – H3C Technologies H3C SecPath F1000-E User Manual

15

Item

Description

Action Threshold

Set the protection action threshold for UDP flood attacks that
target the protected host.
If the sending rate of UDP packets destined for the specified IP
address constantly reaches or exceeds this threshold, the

firewall enters the attack protection state and takes attack

protection actions as configured.

Silent Threshold

Set the silent threshold for actions that protect against UDP
flood attacks targeting the protected host.
If the sending rate of UDP packets destined for the specified IP

address drops below this threshold, the firewall returns to the
attack detection state and stops the protection actions.

Global Configuration
of Security Zone

Action Threshold

Set the protection action threshold for UDP flood attacks that
target a host in the protected security zone.
If the sending rate of UDP packets destined for a host in the
security zone constantly reaches or exceeds this threshold, the

firewall enters the attack protection state and takes attack
protection actions as configured.

Silent Threshold

Set the silent threshold for actions that protect against UDP
flood attacks targeting a host in the protected security zone.
If the sending rate of UDP packets destined for a host in the
security zone drops below this threshold, the firewall returns to

the attack detection state and stops the protection actions.

NOTE:

Host-specific settings take precedence over the global settings for security zones.

Configuring DNS flood detection

NOTE:

DNS flood detection is mainly intended to protect servers and is usually configured for an internal zone.

From the navigation tree, select Intrusion Detection > Traffic Abnormality > DNS Flood to enter the DNS

flood detection configuration page, as shown in

Figure 15

. You can select a security zone and then view

and configure DNS flood detection rules for the security zone.