Connection limit, Scanning detection, Configuring icmp flood detection – H3C Technologies H3C SecPath F1000-E User Manual


Connection limit

When an internal user initiates a large number of connections to a host on the external network in a short period of time, system resources on the firewall are quickly exhausted, leaving the firewall unable to service other users. In addition, if an internal server receives large quantities of connection requests in a short period of time, the server will not be able to process normal connection requests from other hosts.

To protect internal network resources (including hosts and servers) and distribute the firewall's resources reasonably, you can set connection limits based on source or destination IP addresses for security zones.

When a limit based on source or destination IP address is reached or exceeded, the firewall outputs an alarm log and discards subsequent connection requests from or to the IP address.

Scanning detection

A scanning attack probes the addresses and ports on a network to identify the hosts attached to the network and the application ports available on those hosts, and to work out the topology of the network, in preparation for further attacks.

Scanning detection detects scanning attempts by tracking the rates at which connections are initiated to protected systems. Usually, it is deployed on the firewall for the external security zone and takes effect for packets from that security zone.

If the firewall detects that the connection rate of an IP address has reached or exceeded the threshold, it outputs an attack alarm log, blocks subsequent connection requests from the IP address, and blacklists the IP address, depending on your configuration.
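
The rate-threshold logic described above can be sketched as follows. This is an added example, not H3C code or the firewall's actual algorithm: the class name, the sliding-window method, the threshold, window and blacklist lifetime values, and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class ScanDetector:
    """Per-source connection-rate tracker (hypothetical model of the manual's description)."""

    def __init__(self, threshold, window=1.0, blacklist=False, blacklist_ttl=600.0):
        self.threshold = threshold          # connections per window that trigger detection
        self.window = window                # sliding window length in seconds (assumed)
        self.blacklist = blacklist          # "depending on your configuration"
        self.blacklist_ttl = blacklist_ttl  # assumed blacklist lifetime in seconds
        self.recent = defaultdict(deque)    # source IP -> timestamps inside the window
        self.blocked_until = {}             # source IP -> blacklist expiry time
        self.alarmed = set()                # sources currently at or over the threshold
        self.alarms = []                    # alarm log entries: (timestamp, source IP, rate)

    def observe(self, ts, src):
        """Return 'permit' or 'drop' for a connection attempt from src at time ts."""
        if self.blocked_until.get(src, 0.0) > ts:
            return "drop"                   # source is still blacklisted
        q = self.recent[src]
        q.append(ts)
        while q[0] <= ts - self.window:     # evict attempts that left the window
            q.popleft()
        if len(q) < self.threshold:
            self.alarmed.discard(src)       # rate fell back below the threshold
            return "permit"
        if src not in self.alarmed:         # one alarm per episode, not per packet
            self.alarmed.add(src)
            self.alarms.append((ts, src, len(q)))
        if self.blacklist:
            self.blocked_until[src] = ts + self.blacklist_ttl
        # Assumption: the request that reaches the threshold is itself dropped.
        return "drop"

# Constructed sample: one source opening 10 connections in 0.5 s, one ordinary client,
# and a later attempt from the first source after its rate has decayed.
EVENTS = sorted(
    [(i * 0.05, "203.0.113.7") for i in range(10)]
    + [(0.2, "198.51.100.20"), (1.2, "198.51.100.20"), (2.2, "198.51.100.20")]
    + [(5.0, "203.0.113.7")]
)

def replay(events, **cfg):
    """Feed time-ordered (timestamp, source IP) events through a fresh detector."""
    det = ScanDetector(**cfg)
    return det, [(ts, src, det.observe(ts, src)) for ts, src in events]
```

Replaying `EVENTS` with `blacklist=False` lets the first source back in once its rate decays, while `blacklist=True` keeps dropping it until the blacklist entry expires, which is the practical difference between the two responses the manual lists.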

Configuring ICMP flood detection

NOTE:

ICMP flood detection is mainly intended to protect servers and is usually configured for an internal zone.

From the navigation tree, select Intrusion Detection > Traffic Abnormality > ICMP Flood to enter the ICMP flood detection configuration page, as shown in Figure 11. You can select a security zone and then view and configure ICMP flood detection rules for the security zone.