Configuring a scanning attack defense policy
About scanning attack detection and prevention
Scanning attack detection inspects the incoming packet rate of connections to the device. If a source initiates connections at a rate equal to or exceeding the pre-defined threshold, the device can take the following actions:
- Output logs.
- Drop subsequent packets from the IP address of the attacker.
- Add the attacker's IP address to the IP blacklist.
Procedure
1. Enter system view.
   system-view
2. Enter attack defense policy view.
   attack-defense policy policy-name
3. Configure scanning attack detection.
   scan detect level { high | low | medium } action { { block-source [ timeout minutes ] | drop } | logging } *
   By default, scanning attack detection is not configured.
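
The following is an added example, not vendor code and not the device's actual algorithm: a simplified Python model of the per-source rate check described above and of how the logging, drop, and block-source timeout actions differ. The class name ScanDetector, the threshold and window values, the handling of the drop action, and the sample addresses are assumptions constructed for illustration; the page does not state the thresholds behind the high, medium, and low levels.

```python
from collections import defaultdict, deque

class ScanDetector:
    """Simplified model, not the device's algorithm: per-source connection rate."""

    def __init__(self, threshold, window=1.0, actions=("logging",), timeout_min=10):
        self.threshold = threshold        # assumed: connections per window
        self.window = window              # assumed: window length in seconds
        self.actions = set(actions)       # subset of logging / drop / block-source
        self.block_secs = timeout_min * 60
        self.recent = defaultdict(deque)  # source -> recent connection timestamps
        self.blacklist = {}               # source -> blacklist expiry time
        self.log = []                     # (time, source, observed count)

    def handle(self, ts, src):
        """Return 'forward' or 'drop' for a connection from src at time ts."""
        if self.blacklist.get(src, 0) > ts:
            return "drop"                 # still blacklisted
        self.blacklist.pop(src, None)     # entry expired (or never existed)
        q = self.recent[src]
        q.append(ts)
        while q and q[0] <= ts - self.window:  # forget attempts outside the window
            q.popleft()
        if len(q) < self.threshold:
            return "forward"
        if "logging" in self.actions:
            self.log.append((ts, src, len(q)))
        if "block-source" in self.actions:
            self.blacklist[src] = ts + self.block_secs
            q.clear()
            return "drop"
        # Modelling choice: "drop" applies only while the rate stays at or above threshold.
        return "drop" if "drop" in self.actions else "forward"

def run_demo():
    """Replay constructed traffic: one scanner (12 connections in 0.6 s), one client."""
    det = ScanDetector(threshold=10, actions=("logging", "block-source"), timeout_min=10)
    events = [(i * 0.05, "198.51.100.7") for i in range(12)]
    events += [(0.2, "192.0.2.10"), (0.9, "192.0.2.10"),
               (300.0, "198.51.100.7"), (700.0, "198.51.100.7")]
    return det, [(ts, src, det.handle(ts, src)) for ts, src in sorted(events)]

if __name__ == "__main__":
    for ts, src, verdict in run_demo()[1]:
        print(f"{ts:7.2f}s {src:<13} {verdict}")
```

In this model the blacklisted source stays blocked at 300 s even though it is no longer scanning, and is forwarded again at 700 s once the 10-minute timeout has passed.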