beautypg.com

H3C Technologies H3C Intelligent Management Center User Manual

Page 46

background image

37

Viewing details about an anomaly template that uses
type-specific parameters

Table 3

shows the anomaly detection templates that use their respective specific parameters.

Table 3 Anomaly detection templates that uses type-specific parameters

Template name

Type-specific parameters

DNS Rogue Hack

Host IP List—List of IP addresses of valid DNS servers.

Large ICMP Packet

Packet Size—ICMP packet size threshold.

Ping of Death Attack

Packet Size—Ping packet size threshold.

DHCP Offer Packet

Host IP List—List of IP addresses of valid DNS servers.

DHCP Monitor Time—Includes one or more days of a week, the

start time, and the end time. The start time and end time are in the

format of hh:mm.

To view details about an anomaly template that uses type-specific parameters:

1.

Access the Anomaly Detection page.

2.

In the anomaly detection template list, click the name for an anomaly template that uses
type-specific parameters.
The Anomaly Detection Details page appears.
For more information about description for type-specific parameters, see

Table 3

.

Modifying an anomaly template that uses common parameters

The methods for modifying anomaly templates that uses common parameters are the same. This

example uses the TCP Fin Scan template.
To modify the TCP Fin Scan template:

1.

Access the Anomaly Detection page.

2.

In the anomaly detection template list, click the Modify icon

for TCP Fin Scan.

The Modify Anomaly Detection page appears. You cannot modify the Monitor Name and
Description fields.

3.

In the Threshold field, enter a new threshold.

4.

From the Alarm Level list, select an alarm level. Options are Critical, Major, Minor, Warning, and
Info.

5.

Select whether to enable anomaly detection for TCP FIN Scan packets.

6.

Click OK.

Modifying an anomaly template that uses type-specific
parameters

The following information describes modifying the type-specific parameters for each anomaly template
that uses type-specific parameters. For more information about modifying common parameters for

See also other documents in the category H3C Technologies Safety: