Viewing the anomaly detection list – H3C Technologies H3C Intelligent Management Center User Manual
Page 67
57
•
UDP Flood Attack
•
Invalid ToS
•
Land Attack
•
Invalid IP Protocol
•
Corrupt IP Option
•
Time Stamp IP Option
•
Source Route IP Option
•
Record Route IP Option
•
Security IP Option
•
Stream ID IP Option
•
Fragmented ICMP Packet
•
ICMP Redirects
•
ICMP Destination Unreachable
•
ICMP Request Excess
•
ICMP Reply Excess
•
ICMP Source Quench
•
ICMP Parameter Problem
•
ICMP Time Exceeded
The following templates use anomaly type-specific parameters:
•
DNS Rogue Hack
•
Ping of Death Attack
•
Large ICMP Packet
•
DHCP Offer Packet
Viewing the anomaly detection list
1.
Select Service > Traffic Analysis and Audit > Settings.
2.
In the Settings area of the Traffic Analysis and Audit page, click the Anomaly Detection link.
NTA displays Anomaly Detection List and Basic Configuration in the Anomaly Detection page.
3.
Modify the basic configuration for anomaly detection:
•
Time Window—Selects the time window mode for generating anomaly alarms:
{
Fixed Time Window—Select this option to take time as a series of fixed-length time
windows. Anomaly detection generates only one alarm within every time window
duration.
{
Sliding Time Window—Select this option to use sliding time windows. The start point of a
sliding time window is the time when the last anomaly alarm was generated. After an
alarm is generated, anomaly detection does not generate another alarm for the same
attack within the specified time duration.
For your selection to take effect, click OK to the right of the parameter.
•
Window Size—Sets the size of the time window, in the range of 1 to 10 minutes. For your
selection to take effect, click OK to the right of the parameter.
4.
View the Anomaly Detection List:
•
Name—Anomaly that NTA can detect.
•
Description—Description of the anomaly, name of the anomaly detection template.
•
Threshold—Anomaly threshold. When this threshold is crossed, NTA generates an alarm.
•
Alarm Level—Level of the alarm, Critical by default.
•
Enable—Whether anomaly detection is enabled for the item.
•
Modify—To modify the anomaly detection template, click the Modify
icon.