Configuration Guide - Network Management and Monitoring

S2720, S5700, and S6720 V200R013C00

This document describes the configurations of Network Management and Monitoring, including SNMP, RMON, RMON2, LLDP, Performance Management, iPCA, NQA, Service Diagnosis, Mirroring, Packet Capture, NetStream, sFlow, TWAMP Light, NETCONF, ECA, Intelligent Video O&M, eMDI, and Network Deception.
Deploying a DecoySensor

Context

A DecoySensor identifies scanning behavior on an intranet, and lures suspicious traffic to a Decoy. The Decoy provides in-depth interaction services to further determine whether suspicious traffic is an attack.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run deception

    The deception view is created and displayed.

  3. Run deception decoy destination destination-ip [ source source-ip ] [ vpn-instance vpn-instance-name ] [ slave destination destination-ip [ source source-ip ] [ vpn-instance vpn-instance-name ] ]

    An IP address is configured for the Decoy.

  4. Configure a detected network segment, a bait network segment, or both. At least one of them must be configured; otherwise, the deception function does not take effect.
    1. Run deception detect-network id id-number ip-address mask [ vpn-instance vpn-instance-name ]

      A detected network segment is configured.

      By default, no detected network segment is configured on the switch.

    2. Run deception decoy-network id id-number destination ip-address [ mask ] [ destination-port port &<1-20> ] [ vpn-instance vpn-instance-name ]

      A bait network segment is configured.

      By default, no bait network segment is configured on the switch.

  5. (Optional) Run deception mode strict

    The strict deception mode is enabled.

    By default, the strict deception mode is disabled.

  6. (Optional) Run deception arp-request rate rate-number

    The IP address scanning threshold is configured.

    By default, the IP address scanning threshold is 10 times per 10 seconds.

  7. (Optional) Run deception syn-connect rate rate-number

    The TCP port scanning threshold is configured.

    By default, the TCP port scanning threshold is 100 times per second.

  8. (Optional) Run deception whitelist id id-number { destination | source } ip-address [ mask ] [ vpn-instance vpn-instance-name ]

    The deception whitelist is configured.

    By default, no deception whitelist is configured on the switch.

  9. (Optional) Run deception ip-state detect rate rate-number

    The rate at which the switch scans IP addresses is configured.

    By default, the switch scans IP addresses 30 times per second.

  10. (Optional) Run deception mac-address aging-time aging-time

    The interval at which the switch sends an ARP broadcast packet is configured.

    By default, the switch sends an ARP broadcast packet at an interval of 290 seconds.

  11. Run deception enable

    The deception function is enabled.

    By default, the deception function is disabled.
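The following added example (not Huawei's code, and not the switch's actual implementation) models how the two scan thresholds above behave together with the detected network segment and the whitelist: per-source sliding windows using the page's defaults of 10 ARP requests per 10 seconds and 100 TCP SYNs per second, fed with a constructed packet list. The addresses, event timestamps and class/function names are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Default thresholds from the procedure: 10 ARP requests per 10 s and
# 100 TCP SYNs per 1 s (deception arp-request rate / syn-connect rate).
ARP_LIMIT, ARP_WINDOW = 10, 10.0
SYN_LIMIT, SYN_WINDOW = 100, 1.0


class ScanDetector:
    """Sliding-window model of the DecoySensor thresholds (constructed, not Huawei's code)."""

    def __init__(self, detect_networks, whitelist, arp_rate=ARP_LIMIT, syn_rate=SYN_LIMIT):
        self.detect_networks = [ipaddress.ip_network(n) for n in detect_networks]
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.arp_rate, self.syn_rate = arp_rate, syn_rate
        # Per-source deques of timestamps, kept separately per packet kind.
        self.hist = {"arp": defaultdict(deque), "syn": defaultdict(deque)}
        self.flagged = set()

    @staticmethod
    def _in(nets, ip):
        ip = ipaddress.ip_address(ip)
        return any(ip in n for n in nets)

    def observe(self, ts, kind, src, dst):
        """Feed one packet; return True if src crosses a scan threshold."""
        if kind not in self.hist:
            return False
        # Whitelisted sources or destinations are never counted (step 8).
        if self._in(self.whitelist, src) or self._in(self.whitelist, dst):
            return False
        # Only traffic aimed at a detected network segment is evaluated (step 4.1).
        if not self._in(self.detect_networks, dst):
            return False
        limit, window = (self.arp_rate, ARP_WINDOW) if kind == "arp" else (self.syn_rate, SYN_WINDOW)
        q = self.hist[kind][src]
        q.append(ts)
        while q and ts - q[0] >= window:  # drop events that fell out of the window
            q.popleft()
        if len(q) > limit:
            self.flagged.add(src)
            return True
        return False


def run_constructed_capture():
    """Constructed sample: one host sweeping ARP across the segment, one normal host,
    and one host hammering a whitelisted address (which is never counted)."""
    det = ScanDetector(["10.1.1.0/24"], ["10.1.1.254/32"])
    events = [(i * 0.5, "arp", "10.1.1.50", f"10.1.1.{100 + i}") for i in range(12)]
    events += [(i * 2.0, "arp", "10.1.1.60", f"10.1.1.{200 + i}") for i in range(8)]
    events += [(0.1, "syn", "10.1.1.70", "10.1.1.254")] * 200
    return {src for ts, kind, src, dst in sorted(events) if det.observe(ts, kind, src, dst)}
```

Only the host sending 12 ARP requests within 10 seconds is flagged; the slow host stays under the threshold and the whitelisted destination exempts the SYN burst.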

Verifying the Configuration

  • Run the display deception version command in any view to check the DecoySensor version.
  • Run the display deception decoy status command in any view to check the registration status of the switch on the Decoy.
  • Run the display deception detect-network [ id id-number ] command in any view to check the detected network segment.
  • Run the display deception decoy-network [ id id-number ] command in any view to check the bait network segment.
  • Run the display deception whitelist [ id id-number ] command in any view to check the deception whitelist.
  • Run the display deception interface command in any view to check information about all deception-enabled interfaces.
Updated: 2019-04-20

Document ID: EDOC1100065680
