Verifying the configuration – H3C Technologies H3C SecPath F1000-E User Manual
Page 33
![background image](/files/813032/content/doc033.png)
25
Verifying the configuration
•
After a scanning attack packet is received from zone Untrust, SecPath should output alarm logs and
add the IP address of the attacker to the blacklist. You can select Intrusion Detection > Blacklist from
the navigation tree to view whether the attacker's IP address is on the blacklist.
•
If a host in zone Trust initiates 100 or more connections, SecPath should output alarm logs and
discard subsequent connection request packets from the host. You can select Intrusion Detection >
Statistics from the navigation tree to view how many times that a connection limit per source IP
address has been exceeded and the number of packets dropped.
•
If the number of connections to the server in the DMZ reaches or exceeds 10000, SecPath should
output alarm logs and discard subsequent connection request packets. You can select Intrusion
Detection > Statistics from the navigation tree to view how many times that a connection limit per
destination IP address has been exceeded and the number of packets dropped.
•
If a SYN flood attack is initiated to the DMZ, SecPath should output alarm logs and discard the
attack packets. You can select Intrusion Detection > Statistics from the navigation tree to view the
number of SYN flood attacks and the number of packets dropped.