Configuring a scanning attack defense policy

About scanning attack detection and prevention

Scanning attack detection inspects the incoming packet rate of connections to the device. If a source initiates connections at a rate equal to or exceeding the pre-defined threshold, the device can take the following actions:

Procedure

  1. Enter system view.

    system-view

  2. Enter attack defense policy view.

    attack-defense policy policy-name

  3. Configure scanning attack detection.

    scan detect level { high | low | medium } action { { block-source [ timeout minutes ] | drop } | logging } *

    By default, scanning attack detection is not configured.