beautypg.com

Viewing the anomaly detection list – H3C Technologies H3C Intelligent Management Center User Manual

Page 67

background image

57

UDP Flood Attack

Invalid ToS

Land Attack

Invalid IP Protocol

Corrupt IP Option

Time Stamp IP Option

Source Route IP Option

Record Route IP Option

Security IP Option

Stream ID IP Option

Fragmented ICMP Packet

ICMP Redirects

ICMP Destination Unreachable

ICMP Request Excess

ICMP Reply Excess

ICMP Source Quench

ICMP Parameter Problem

ICMP Time Exceeded

The following templates use anomaly type-specific parameters:

DNS Rogue Hack

Ping of Death Attack

Large ICMP Packet

DHCP Offer Packet

Viewing the anomaly detection list

1.

Select Service > Traffic Analysis and Audit > Settings.

2.

In the Settings area of the Traffic Analysis and Audit page, click the Anomaly Detection link.
NTA displays Anomaly Detection List and Basic Configuration in the Anomaly Detection page.

3.

Modify the basic configuration for anomaly detection:

Time Window—Selects the time window mode for generating anomaly alarms:

{

Fixed Time Window—Select this option to take time as a series of fixed-length time

windows. Anomaly detection generates only one alarm within every time window
duration.

{

Sliding Time Window—Select this option to use sliding time windows. The start point of a
sliding time window is the time when the last anomaly alarm was generated. After an

alarm is generated, anomaly detection does not generate another alarm for the same

attack within the specified time duration.

For your selection to take effect, click OK to the right of the parameter.

Window Size—Sets the size of the time window, in the range of 1 to 10 minutes. For your
selection to take effect, click OK to the right of the parameter.

4.

View the Anomaly Detection List:

Name—Anomaly that NTA can detect.

Description—Description of the anomaly, name of the anomaly detection template.

Threshold—Anomaly threshold. When this threshold is crossed, NTA generates an alarm.

Alarm Level—Level of the alarm, Critical by default.

Enable—Whether anomaly detection is enabled for the item.

Modify—To modify the anomaly detection template, click the Modify

icon.

See also other documents in the category H3C Technologies Safety: