Verifying the configuration – H3C Technologies H3C SecPath F1000-E User Manual
Page 33
25
Verifying the configuration
•
After a scanning attack packet is received from zone Untrust, SecPath should output alarm logs and
add the IP address of the attacker to the blacklist. You can select Intrusion Detection > Blacklist from
the navigation tree to view whether the attacker's IP address is on the blacklist.
•
If a host in zone Trust initiates 100 or more connections, SecPath should output alarm logs and
discard subsequent connection request packets from the host. You can select Intrusion Detection >
Statistics from the navigation tree to view how many times that a connection limit per source IP
address has been exceeded and the number of packets dropped.
•
If the number of connections to the server in the DMZ reaches or exceeds 10000, SecPath should
output alarm logs and discard subsequent connection request packets. You can select Intrusion
Detection > Statistics from the navigation tree to view how many times that a connection limit per
destination IP address has been exceeded and the number of packets dropped.
•
If a SYN flood attack is initiated to the DMZ, SecPath should output alarm logs and discard the
attack packets. You can select Intrusion Detection > Statistics from the navigation tree to view the
number of SYN flood attacks and the number of packets dropped.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS