424
Usage guidelines
With scanning attack protection enabled, a device checks the connection rate by IP address. If the
connection rate of an IP address reaches or exceeds the threshold (set by the
defense scan
max-rate
command), the device considers the IP address a scanning attack source and drops
subsequent packets from the IP address until it finds that the rate is less than the threshold.
Examples
# Enable scanning attack protection.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] defense scan enable
Related commands
•
blacklist
enable
•
defense scan add-to-blacklist
•
defense scan blacklist-timeout
•
defense scan max-rate
defense scan max-rate
Use
defense scan max-rate
to specify the threshold of connection establishment rate that triggers
scanning attack prevention.
Use
undo defense scan max-rate
to restore the default, which is 4000 connections per second.
Syntax
defense scan max-rate
rate-number
undo defense scan max-rate
Views
Attack protection policy view
Default command level
2: System level
Parameters
rate-number
: Threshold of the connection establishment rate (number of connections established in
a second) that triggers scanning attack protection, in the range of 1 to 10000.
Usage guidelines
With scanning attack protection enabled, a device checks the connection rate by IP address. If the
connection rate of an IP address reaches or exceeds the threshold, the device considers the IP
address a scanning attack source and drops subsequent packets from the IP address until it finds
that the rate is less than the threshold.
Examples
# Enable scanning attack protection.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] defense scan enable
# Set the connection rate threshold for triggering scanning attack protection to 2000 connections per
second.
[Sysname-attack-defense-policy-1] defense scan max-rate 2000