Configuring a scanning attack defense policy

Apply a scanning attack defense policy to the interface that is connected to the external network.

Scanning attack detection inspects the incoming packet rate of connections to the target system. If a source initiates connections at a rate equal to or exceeding the pre-defined threshold, the device can take the following actions:

To blacklist the attackers, you must enable the blacklist feature globally or on the interface where the defense policy is applied. For more information about the blacklist, see "Configuring the IP blacklist feature."
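The following Python model is an added example, not code from the page or from the device vendor. It simulates the detection behaviour described above: each source's connection attempts are counted over a trailing one-second window, and once the count reaches the threshold for the configured level the policy's actions fire. The numeric thresholds for the low/medium/high levels, the one-second window, and the rule that "high" is the most sensitive level are assumptions made for the demonstration; the real device's values are not stated on this page. The model also reflects the caveat above: the block-source action only takes effect when the blacklist feature is enabled, and block-source and drop are mutually exclusive, as the command syntax in step 3 shows.

```python
from collections import defaultdict, deque

# Assumed thresholds (connections per second from one source). "high" is
# treated as the strictest level; the device's real values are not on the page.
LEVEL_THRESHOLDS = {"low": 10, "medium": 5, "high": 3}
WINDOW_SECONDS = 1.0  # assumed measurement window


class ScanDetector:
    """Per-source connection-rate detector with block-source / drop / logging actions."""

    def __init__(self, level, actions, blacklist_enabled, block_timeout_min=10):
        self.threshold = LEVEL_THRESHOLDS[level]
        self.actions = set(actions)
        if {"block-source", "drop"} <= self.actions:
            # The command syntax allows block-source OR drop, not both.
            raise ValueError("block-source and drop are mutually exclusive")
        self.blacklist_enabled = blacklist_enabled
        self.block_timeout = block_timeout_min * 60  # timeout is given in minutes
        self.window = defaultdict(deque)  # source -> timestamps inside the window
        self.blacklist = {}               # source -> expiry timestamp
        self.log = []

    def handle(self, src, ts):
        """Return 'forward', 'drop' or 'blocked' for one connection attempt."""
        expiry = self.blacklist.get(src)
        if expiry is not None:
            if ts < expiry:
                return "blocked"          # still within the block timeout
            del self.blacklist[src]       # timeout elapsed, source is released

        q = self.window[src]
        q.append(ts)
        while q and q[0] <= ts - WINDOW_SECONDS:
            q.popleft()                   # discard attempts older than the window
        rate = len(q)
        if rate < self.threshold:
            return "forward"

        # Rate reached the threshold: apply the configured actions.
        if "logging" in self.actions:
            self.log.append(f"scan from {src}: {rate} conn/s >= {self.threshold}")
        if "block-source" in self.actions and self.blacklist_enabled:
            self.blacklist[src] = ts + self.block_timeout
            return "blocked"
        if "drop" in self.actions:
            return "drop"
        # block-source without the blacklist feature enabled has no effect.
        return "forward"


# Constructed sample: one source opening four connections in 0.3 s, a quiet
# host in between, then the scanner returning after 100 s and after 700 s.
SAMPLE_EVENTS = [
    ("10.0.0.9", 0.0), ("10.0.0.9", 0.1), ("10.0.0.9", 0.2), ("10.0.0.9", 0.3),
    ("198.51.100.7", 0.35),
    ("10.0.0.9", 100.0), ("10.0.0.9", 700.0),
]


def simulate(events, **policy):
    """Run the detector over a list of (source, timestamp) events."""
    det = ScanDetector(**policy)
    return [det.handle(src, ts) for src, ts in events], det


if __name__ == "__main__":
    verdicts, det = simulate(SAMPLE_EVENTS, level="high",
                             actions=("block-source", "logging"),
                             blacklist_enabled=True, block_timeout_min=10)
    for (src, ts), v in zip(SAMPLE_EVENTS, verdicts):
        print(f"t={ts:6.2f} {src:14} {v}")
    print("\n".join(det.log))
```

With the blacklist enabled, the third attempt from 10.0.0.9 trips the high-level threshold and the source stays blocked for the 10-minute timeout; it is forwarded again at t=700 s. Running the same events with `blacklist_enabled=False` shows why the page insists on enabling the blacklist: the detection still logs, but nothing is blocked.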

To configure a scanning attack defense policy:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter attack defense policy view.
    Command: attack-defense policy policy-name
    Remarks: N/A

Step 3. Configure scanning attack detection.
    Command: scan detect level { high | low | medium } action { { block-source [ timeout minutes ] | drop } | logging } *
    Remarks: By default, scanning attack detection is not configured.