DNS Rogue Hack, Ping of Death Attack, Large ICMP Packet – H3C Technologies H3C Intelligent Management Center User Manual
Modifying an anomaly template that uses the common parameters
The following information explains how to modify anomaly templates that use the common parameters.
To modify the TCP Fin Scan template:
1. Select Service > Traffic Analysis and Audit > Settings.
2. In the Settings area of the Traffic Analysis and Audit page, click the Anomaly Detection link.
   NTA displays Anomaly Detection List and Basic Configuration in the Anomaly Detection page.
3. Click the Modify icon for TCP Fin Scan.
   The Modify Anomaly Detection page appears. The name and description settings cannot be changed.
4. Adjust the alarm threshold.
   NTA issues an alarm when the number of detected TCP FIN Scan packets reaches or exceeds the threshold.
5. Select an alarm level. Options are Critical, Major, Minor, Warning, and Info.
6. Select whether to enable anomaly detection for TCP FIN Scan packets.
7. Click OK.
Modifying an anomaly template that uses anomaly type-specific parameters
The following information describes the anomaly templates that use anomaly type-specific parameters as
well as common parameters.
DNS Rogue Hack
NTA uses the IP addresses of valid DNS servers to determine which packets are from valid DNS servers.
The DNS Rogue Hack template uses one specific parameter:
• Host IP—Enter the IP address and, optionally, the network mask of a valid DNS server in this field and click Add to add an entry to the Host IP List.
The Host IP List displays the IP addresses of all valid DNS servers. To remove a DNS server from the list,
select its IP address and click Delete.
Ping of Death Attack
NTA determines whether a ping packet is valid based on its size. The Ping of Death Attack template uses
one specific parameter:
• Packet Size—Enter the size threshold for ping packets.
If the size of a ping packet exceeds the threshold, NTA considers that a Ping of Death attack has occurred and issues an alarm.
Large ICMP Packet
NTA determines whether an ICMP packet is valid based on its size. The Large ICMP Packet template uses
one specific parameter:
• Packet Size—Enter the size threshold for ICMP packets.
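
The three checks described above, written out as an added Python example (not NTA's own code or logic). It assumes that packets from a DNS server are those with source port 53, that a ping packet is an ICMP echo request, and that the common alarm threshold counts matching packets; all addresses, sizes, and thresholds are constructed.

```python
import ipaddress
from collections import Counter

# All values below are constructed for illustration, not product defaults.
VALID_DNS = ["10.0.0.53", "192.0.2.0/255.255.255.248"]  # Host IP List: IP or IP/mask
PING_SIZE_LIMIT = 1500   # Ping of Death "Packet Size" threshold, bytes
ICMP_SIZE_LIMIT = 1024   # Large ICMP Packet "Packet Size" threshold, bytes
ALARM_THRESHOLD = 2      # common parameter: alarm when count reaches or exceeds it

def parse_host_ips(entries):
    """Convert 'ip' or 'ip/mask' entries into network objects (bare IP = /32)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def classify(pkt, valid_nets):
    """Return the anomaly names that one packet record matches."""
    hits = []
    src = ipaddress.ip_address(pkt["src"])
    # Assumption: "from a DNS server" means UDP/TCP with source port 53.
    if pkt["proto"] in ("udp", "tcp") and pkt.get("sport") == 53:
        if not any(src in net for net in valid_nets):
            hits.append("DNS Rogue Hack")
    if pkt["proto"] == "icmp":
        # Assumption: a "ping packet" is an ICMP echo request (type 8).
        if pkt.get("icmp_type") == 8 and pkt["size"] > PING_SIZE_LIMIT:
            hits.append("Ping of Death Attack")
        if pkt["size"] > ICMP_SIZE_LIMIT:
            hits.append("Large ICMP Packet")
    return hits

def alarms(packets, valid_entries=VALID_DNS, threshold=ALARM_THRESHOLD):
    """Count matches per anomaly and keep those at or above the alarm threshold."""
    nets = parse_host_ips(valid_entries)
    counts = Counter(hit for p in packets for hit in classify(p, nets))
    return {name: n for name, n in counts.items() if n >= threshold}

# Constructed sample packet records.
SAMPLE = [
    {"src": "10.0.0.53", "proto": "udp", "sport": 53, "size": 120},
    {"src": "192.0.2.5", "proto": "udp", "sport": 53, "size": 96},
    {"src": "192.0.2.9", "proto": "udp", "sport": 53, "size": 96},      # outside /29
    {"src": "198.51.100.7", "proto": "udp", "sport": 53, "size": 300},  # not listed
    {"src": "203.0.113.4", "proto": "icmp", "icmp_type": 8, "size": 65500},
    {"src": "203.0.113.4", "proto": "icmp", "icmp_type": 8, "size": 1500},
    {"src": "203.0.113.8", "proto": "icmp", "icmp_type": 0, "size": 1200},
    {"src": "203.0.113.8", "proto": "icmp", "icmp_type": 8, "size": 84},
]

if __name__ == "__main__":
    for name, count in alarms(SAMPLE).items():
        print(f"ALARM {name}: {count} packets")
```

A ping of exactly 1500 bytes does not match the Ping of Death check because the size must exceed the threshold, while the alarm count comparison is inclusive.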