Configuring dns flood detection – H3C Technologies H3C SecPath F1000-E User Manual
Page 23
15
Item
Description
Action Threshold
Set the protection action threshold for UDP flood attacks that
target the protected host.
If the sending rate of UDP packets destined for the specified IP
address constantly reaches or exceeds this threshold, the
firewall enters the attack protection state and takes attack
protection actions as configured.
Silent Threshold
Set the silent threshold for actions that protect against UDP
flood attacks targeting the protected host.
If the sending rate of UDP packets destined for the specified IP
address drops below this threshold, the firewall returns to the
attack detection state and stops the protection actions.
Global Configuration
of Security Zone
Action Threshold
Set the protection action threshold for UDP flood attacks that
target a host in the protected security zone.
If the sending rate of UDP packets destined for a host in the
security zone constantly reaches or exceeds this threshold, the
firewall enters the attack protection state and takes attack
protection actions as configured.
Silent Threshold
Set the silent threshold for actions that protect against UDP
flood attacks targeting a host in the protected security zone.
If the sending rate of UDP packets destined for a host in the
security zone drops below this threshold, the firewall returns to
the attack detection state and stops the protection actions.
NOTE:
Host-specific settings take precedence over the global settings for security zones.
Configuring DNS flood detection
NOTE:
DNS flood detection is mainly intended to protect servers and is usually configured for an internal zone.
From the navigation tree, select Intrusion Detection > Traffic Abnormality > DNS Flood to enter the DNS
flood detection configuration page, as shown in
. You can select a security zone and then view
and configure DNS flood detection rules for the security zone.