Configuring connection limit, Configuring scanning detection – H3C Technologies H3C SecPath F1000-E User Manual

19

NOTE:

Host-specific settings take precedence over the global settings for security zones.

Configuring connection limit

From the navigation tree, select Intrusion Detection > Traffic Abnormality > Connection Limit to enter the

connection limit configuration page, as shown in

Figure 19

. You can select a security zone and then view

and configure the connection limit for the security zone.

Table 9

describes the connection limit

configuration items.

Figure 19 Connection limit configuration page

Table 9 Configuration items

Item

Description

Security Zone

Select a security zone to perform connection limit
configuration for it.

Discard packets when the specified attack is detected

Select this option to discard subsequent packets
destined for or sourced from an IP address when the

number of the connections for that IP address has

exceeded the limit.

Enable connection limit per source IP

Select the option to set the maximum number of
connections that can be present for a source IP

address.

Threshold

Enable connection limit per dest IP

Select the option to set the maximum number of
connections that can be present for a destination IP
address.

Threshold

Configuring scanning detection

NOTE:
•

Scanning detection is intended to detect scanning behaviors and is usually configured for an external
zone.

•

Scanning detection can be configured to add blacklist entries automatically. If you remove such a
blacklist entry, the system will not add the entry back to the blacklist during a period of time. This is

because the system considers that the subsequent packets are from the same attack.

From the navigation tree, select Intrusion Detection > Traffic Abnormality > Scanning Detection to enter

the scanning detection configuration page, as shown in

Figure 20

. You can select a security zone and