Enabling attack protection logging, Configuring an attack protection policy – H3C Technologies H3C SecBlade LB Cards User Manual
Page 256
245
Step Command
Remarks
2.
Enter virtual device (VD)
system view.
switchto vd vd-name
Required for a non-default VD.
3.
Create an attack protection
policy and enter attack
protection policy view.
attack-defense policy
policy-number [ zone zone-name ]
By default, no attack protection
policy is created.
Enabling attack protection logging
After the attack protection policy is created, you can enable the device to log single-packet attacks,
scanning attacks, and flood attacks for adjusting network management strategies.
To enable attack protection logging:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable attack protection
logging.
attack-defense logging enable
Optional.
By default, attack protection logging is
disabled.
Configuring an attack protection policy
In an attack protection policy, you can specify the signatures for attack detection and the corresponding
protection measures according to the security requirements of your network.
Different types of attack protection policies have different configurations, which are described below in
terms of single-packet attacks, scanning attacks, and flood attacks.
Configuring a single-packet attack protection policy
The single-packet attack protection function determines whether a packet is an attack packet mainly by
analyzing the characteristics of the packet. It is usually applied to security zones connecting external
networks, and inspects only the inbound packets of the security zones. If detecting an attack packet, the
device outputs an alarm log by default and, depending on your configuration, drop or forward the
packet.
To configure a policy for preventing single-packet attacks:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter VD system view.
switchto vd vd-name
Required for a non-default VD.
3.
Enter attack protection policy
view.
attack-defense policy
policy-number
N/A