Configuring scanning detection – H3C Technologies H3C SecPath F1000-E User Manual

Figure 9 Connection limit configuration page

Table 5 describes the connection limit configuration items.

Table 5 Connection limit configuration items

| Item | Description |
| --- | --- |
| Security Zone | Select a security zone to perform connection limit configuration for it. |
| Discard packets when the specified attack is detected | Select this option to discard subsequent packets destined for or sourced from an IP address when the number of the connections for that IP address has exceeded the limit. |
| Enable connection limit per source IP / Threshold | Select the option to set the maximum number of connections that can be present for a source IP address. |
| Enable connection limit per dest IP / Threshold | Select the option to set the maximum number of connections that can be present for a destination IP address. |
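
The following Python model is an added example, not part of the H3C manual and not device code. It replays a constructed list of sessions against the Table 5 settings so that candidate thresholds can be tried before they are entered on the device. The function name, the sample addresses, and the rule that a connection is over the limit when it would raise the count above the threshold are assumptions.

```python
from collections import Counter

# Constructed sample of concurrent sessions as (source IP, destination IP).
# Addresses are documentation ranges, not values from the manual.
SESSIONS = (
    [("198.51.100.7", "192.0.2.10")] * 6
    + [("198.51.100.8", "192.0.2.10")] * 2
    + [("198.51.100.9", "192.0.2.20")] * 3
)


def evaluate_limits(sessions, src_threshold=None, dst_threshold=None, discard=False):
    """Replay sessions in order against the connection limit settings.

    A threshold of None means that limit is not enabled. With discard=False
    the over-limit IPs are only reported; with discard=True a session that
    would push an IP over its limit is dropped and not counted.
    """
    per_src, per_dst = Counter(), Counter()
    over_src, over_dst = set(), set()
    admitted, discarded = 0, 0
    for src, dst in sessions:
        # Assumption: "exceeded" means the count would rise above the threshold.
        src_over = src_threshold is not None and per_src[src] + 1 > src_threshold
        dst_over = dst_threshold is not None and per_dst[dst] + 1 > dst_threshold
        if src_over:
            over_src.add(src)
        if dst_over:
            over_dst.add(dst)
        if discard and (src_over or dst_over):
            discarded += 1
            continue
        per_src[src] += 1
        per_dst[dst] += 1
        admitted += 1
    return {
        "over_src": sorted(over_src),
        "over_dst": sorted(over_dst),
        "admitted": admitted,
        "discarded": discarded,
    }


if __name__ == "__main__":
    for discard in (False, True):
        print(discard, evaluate_limits(SESSIONS, 4, 7, discard=discard))
```

With the sample data, the per-source limit alone keeps the destination under its own limit once discarding is enabled, which is the interaction to check when choosing the two thresholds.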

Configuring Scanning Detection

NOTE:

Scanning detection is intended to detect scanning behaviors and is usually configured for an external
zone.

Scanning detection can be configured to add blacklist entries automatically. If you remove such a
blacklist entry, the system will not add the entry back to the blacklist for a period of time, because
it considers the subsequent packets to be part of the same attack.

From the navigation tree, select Intrusion Detection > Traffic Abnormality > Scanning
Detection to enter the scanning detection configuration page, as shown in Figure 10. You can select a
security zone and then view and configure the scanning detection rule for the security zone.
