Verifying the configuration – H3C Technologies H3C SecBlade LB Cards User Manual
# Enable blacklist function.
[LB] blacklist enable
# Create attack protection policy 1.
[LB] attack-defense policy 1
# Enable Smurf attack protection.
[LB-attack-defense-policy-1] signature-detect smurf enable
# Enable scanning attack protection.
[LB-attack-defense-policy-1] defense scan enable
# Set the connection rate threshold that triggers scanning attack protection to 4500 connections per second.
[LB-attack-defense-policy-1] defense scan max-rate 4500
# Add source IP addresses detected by scanning attack protection to the blacklist.
[LB-attack-defense-policy-1] defense scan add-to-blacklist
[LB-attack-defense-policy-1] quit
# Apply attack protection policy 1 to the security zone Untrust.
[LB] zone name Untrust id 4
[LB-zone-Untrust] attack-defense apply policy 1
[LB-zone-Untrust] quit
# Create attack protection policy 2.
[LB] attack-defense policy 2
# Enable SYN flood attack protection.
[LB-attack-defense-policy-2] defense syn-flood enable
# Configure SYN flood attack protection for the internal server 10.1.1.2, and set the action threshold to 5000 and silence threshold to 1000.
[LB-attack-defense-policy-2] defense syn-flood ip 10.1.1.2 rate-threshold high 5000 low 1000
# Configure the policy to drop the subsequent packets after a SYN flood attack is detected.
[LB-attack-defense-policy-2] defense syn-flood action drop-packet
[LB-attack-defense-policy-2] quit
# Apply attack protection policy 2 to security zone DMZ.
[LB] zone name DMZ id 3
[LB-zone-DMZ] attack-defense apply policy 2
[LB-zone-DMZ] quit
Verifying the configuration
Use the display attack-defense policy command to display the contents of attack protection policies 1 and 2.
If security zone Untrust receives Smurf attack packets, LB should output alarm logs. If security zone Untrust receives scanning attack packets, LB should output alarm logs and add the IP addresses of the attackers to the blacklist. If SYN flood attack packets are received by security zone DMZ, LB should output alarm logs and drop the subsequent attack packets.
After a period of time, use the display attack-defense statistics zone command to display the attack protection statistics of each security zone. If scanning attacks occur, you can use the display blacklist command to see the blacklist entries added automatically by scanning attack protection.
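The threshold behaviour these verification steps expect can be modelled in a few lines of Python. The block below is an added example, not H3C's code: it replays constructed per-second counters through the policy 2 SYN flood thresholds (high 5000, low 1000, drop action) and the policy 1 scan rate (4500) with add-to-blacklist. It assumes whole-second counters and that a rate above the action threshold enters the attack state while a rate below the silence threshold ends it; the source addresses are documentation-range values chosen for the example.

```python
# Added model of the attack-defense thresholds configured above. Not H3C code: the
# card's real algorithm is not documented here; whole-second counters and the
# high-enters/low-leaves reading of the thresholds are assumptions.
class SynFloodGuard:
    """Per-server SYN flood guard with action (high) and silence (low) thresholds."""
    def __init__(self, server_ip, high, low):
        self.server_ip = server_ip
        self.high = high  # action threshold: a rate above it enters the attack state
        self.low = low    # silence threshold: a rate below it leaves it (hysteresis)
        self.under_attack = False
        self.alarms = []  # (second, server_ip, rate): the alarm log entries

    def observe(self, second, syn_rate):
        """Feed one second of SYN/s toward the server; 'drop' while the attack state holds."""
        if not self.under_attack and syn_rate > self.high:
            self.under_attack = True
            self.alarms.append((second, self.server_ip, syn_rate))
        elif self.under_attack and syn_rate < self.low:
            self.under_attack = False
        return "drop" if self.under_attack else "pass"

class ScanGuard:
    """Sources opening more than max_rate connections/s are alarmed and blacklisted."""
    def __init__(self, max_rate, add_to_blacklist=True):
        self.max_rate = max_rate
        self.add_to_blacklist = add_to_blacklist
        self.blacklist = set()
        self.alarms = []

    def observe(self, second, conn_rates):
        """conn_rates maps source IP -> new connections opened in this second."""
        for src, rate in conn_rates.items():
            if rate > self.max_rate:
                self.alarms.append((second, src, rate))
                if self.add_to_blacklist:
                    self.blacklist.add(src)

def run_demo():
    """Replay constructed per-second counters through the policy 2 and policy 1 values."""
    syn = SynFloodGuard("10.1.1.2", high=5000, low=1000)
    # Constructed SYN/s toward 10.1.1.2: burst, taper between the thresholds, then quiet.
    verdicts = [syn.observe(t, r) for t, r in enumerate([100, 6000, 3000, 900, 200])]
    scan = ScanGuard(max_rate=4500)
    # Constructed per-source connection rates (documentation addresses) on zone Untrust.
    scan.observe(0, {"198.51.100.7": 5200, "203.0.113.9": 40})
    return verdicts, syn.alarms, sorted(scan.blacklist), scan.alarms

if __name__ == "__main__":
    print(run_demo())
```

Note that the second at 3000 SYN/s is still dropped: it is below the action threshold but above the silence threshold, which is exactly the gap the two-threshold setting exists to cover.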