Ddos protection states, Configuring ddos protection, Ddos protection configuration task list – H3C Technologies H3C SecBlade IPS Cards User Manual
During the traffic learning process, make sure no attacking traffic exists.
2) Using the detection rules to monitor subsequent traffic and generating filtering rules upon detection of abnormal traffic.
3) Using the filtering rules to perform source authentication on abnormal traffic and dropping attacking traffic.
DDoS Protection States
There are three DDoS protection states: traffic learning, threshold adjustment, and detection&protection.
- Traffic learning: Uses the learning rules of the DDoS policy to identify normal traffic and generates detection rules.
- Threshold adjustment: Adjusts the traffic thresholds of the detection rules. This process takes a long time to ensure that the thresholds can reflect most normal circumstances.
- Detection&protection: Uses the detection rules to monitor traffic and generates filtering rules upon detection of abnormal traffic to stop it.
The three states are detailed as follows:
- Threshold adjustment and detection&protection can be enabled at the same time, while traffic learning can only be enabled individually.
- In traffic learning state, learning rules take effect while detection rules do not.
- In threshold adjustment state, detection rules take effect, while filtering rules do not; dynamic filtering rules cannot be generated.
- In detection&protection state, both detection and filtering rules are effective.
- When both threshold adjustment and detection&protection are running, detection and filtering rules are effective and thresholds are updated periodically; threshold adjustment pauses upon detection of attacks and recovers after attacks end.
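The state rules above can be exercised with a small model. This is an added example, not H3C code or the device's algorithm: the class, the single-threshold "detection rule", the `margin` and `alpha` parameters, the choice to skip threshold updates on abnormal samples in every state, and the sample rates are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

LEARN, ADJUST, PROTECT = "traffic learning", "threshold adjustment", "detection&protection"

@dataclass
class PolicyModel:
    margin: float = 2.0   # assumed headroom over the observed normal rate
    alpha: float = 0.5    # assumed smoothing factor for threshold updates
    states: frozenset = frozenset({LEARN})
    threshold: float = 0.0                      # stands in for the detection rules
    filters: set = field(default_factory=set)   # dynamic filtering rules

    def enable(self, *states):
        wanted = frozenset(states)
        if LEARN in wanted and len(wanted) > 1:
            raise ValueError("traffic learning can only be enabled individually")
        self.states = wanted

    def observe(self, dst, pps):
        """Feed one rate sample (packets/s toward dst); return the action taken."""
        if LEARN in self.states:
            # Learning rules are effective, detection rules are not:
            # whatever is seen now is recorded as normal.
            self.threshold = max(self.threshold, pps * self.margin)
            return "learned"
        if pps > self.threshold:            # detection rule fires
            # Returning here skips the update below, so adjustment pauses
            # while traffic is abnormal and resumes afterwards.
            if PROTECT in self.states:
                self.filters.add(dst)       # filtering rule generated
                return "filtered"
            return "detected-only"          # no dynamic filtering rules
        if ADJUST in self.states:
            target = pps * self.margin
            self.threshold = (1 - self.alpha) * self.threshold + self.alpha * target
            return "adjusted"
        return "passed"

def run(samples_by_phase):
    """Replay [(states, [pps, ...]), ...] against one policy; return actions and model."""
    model, actions = PolicyModel(), []
    for states, samples in samples_by_phase:
        model.enable(*states)
        actions += [model.observe("192.0.2.10", pps) for pps in samples]
    return actions, model

# Constructed samples: clean learning, then a 1000 pps burst in each later state.
CLEAN = [((LEARN,), [100, 120]), ((ADJUST,), [1000, 130]), ((ADJUST, PROTECT), [1000, 110])]
# Same kind of run, but the burst is present while learning.
POISONED = [((LEARN,), [100, 1000]), ((PROTECT,), [1000])]
```

Replaying `POISONED` shows why the learning period must be free of attack traffic: the burst is folded into the baseline, and the same burst later passes without a filtering rule being generated.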
Configuring DDoS Protection
DDoS Protection Configuration Task List
Perform the tasks in
to configure DDoS protection.
Table 17-2 DDoS configuration task list
Task
Remarks
Optional
Create a DDoS policy and copy the learning rules of an existing DDoS policy.
The default DDoS policy is named DDoS Policy. You can apply this policy on a segment or copy its learning rules to another policy, but cannot delete the default DDoS policy.