The deception aci enable command enables the Access Control Isolation (ACI) deception function.
The undo deception aci enable command disables the ACI deception function.
The ACI deception function is disabled by default.
deception aci detect-network { id id-number | all } enable
undo deception aci detect-network { id id-number | all } enable
Parameter | Description | Value
---|---|---
id id-number | Specifies the ID of a network segment to be detected. | The value is an integer ranging from 1 to 50.
all | Specifies all network segments to be detected. | -
ACI is an isolation scheme that controls intranet communication through DNS access. After this function is enabled, any source or destination address in a detected network segment must be accessed through its domain name. If an IP address is accessed directly, or a nonexistent IP address is accessed, the traffic is deceived to the Decoy.
The DecoySensor parses DNS reply packets and establishes mappings between the source addresses of the DNS request packets and the IP addresses returned for the domain names in the DNS reply packets (the ACI table). Subsequent TCP SYN packets and ICMP ping packets are matched against the ACI table. Traffic that fails to match the table is deceived to the Decoy for in-depth interactive detection.
ACI also supports configuring an ACI suffix using the deception aci suffix command. The default value is aci. The ACI suffix functions as an intranet access key. For example, if the IP address of a server in a detected network segment is 192.168.1.1 and the default ACI suffix is used, the server must be accessed through 192.168.1.1.aci. If the server's IP address is accessed directly, or an IP address with an incorrect ACI suffix is accessed, the traffic is deceived to the Decoy for in-depth interactive detection.
The ACI deception function takes effect only after the deception function is enabled using deception enable.
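The following is an added Python model of the ACI table mechanism and the ACI suffix check described above; it is example code written for this page, not DecoySensor code. It assumes that a query for a correctly suffixed IP literal (such as 192.168.1.1.aci) is answered with the embedded address while a wrong suffix yields an empty answer, and that the table check applies to TCP SYN and ICMP echo packets whenever either endpoint lies in a configured detect-network segment. The client, server and segment addresses are constructed for the walkthrough.

```python
"""Model of the DNS-based ACI table (added example, not DecoySensor code).

Shows how DNS replies seed the ACI table, how the ACI suffix gates access to
an IP literal, and which packets are forwarded versus deceived to the Decoy.
The resolver behaviour for '<ip>.<suffix>' names is an assumption.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set


@dataclass
class AciModel:
    detect_networks: List[str]          # 'deception aci detect-network' segments
    suffix: str = "aci"                 # default of 'deception aci suffix'
    # ACI table: DNS requester address -> IP addresses it resolved via DNS
    table: Dict[str, Set[str]] = field(default_factory=dict)

    def __post_init__(self) -> None:
        self._nets = [ip_network(n) for n in self.detect_networks]

    def in_detected_segment(self, ip: str) -> bool:
        addr = ip_address(ip)
        return any(addr in net for net in self._nets)

    def answer_for_suffixed_name(self, qname: str) -> List[str]:
        """Model the resolver for names of the form '<ip>.<suffix>'.

        Assumption: a correctly suffixed IP literal resolves to that IP; a
        wrong suffix or a non-literal name yields an empty answer set.
        """
        head, _, tail = qname.rstrip(".").rpartition(".")
        if tail != self.suffix or not head:
            return []
        try:
            return [str(ip_address(head))]
        except ValueError:
            return []                   # not an IP literal, so not a suffixed name

    def learn_dns_reply(self, requester: str, answers: List[str]) -> None:
        """Parse one DNS reply: map the requester to every answered IP."""
        if answers:
            self.table.setdefault(requester, set()).update(answers)

    def classify(self, src: str, dst: str, kind: str) -> str:
        """Return 'forward' or 'decoy' for a packet.

        Only TCP SYN and ICMP echo packets are matched against the ACI table.
        Modelling assumption: the check applies when either endpoint lies in a
        detected segment, following the 'source or destination' wording.
        """
        if kind not in ("tcp_syn", "icmp_echo"):
            return "forward"
        if not (self.in_detected_segment(src) or self.in_detected_segment(dst)):
            return "forward"
        if dst in self.table.get(src, set()):
            return "forward"
        return "decoy"


def run_scenario() -> List[str]:
    """Constructed walkthrough: one client, one detected segment, default suffix."""
    model = AciModel(detect_networks=["192.168.1.0/24"])
    client, server, ghost = "10.0.0.5", "192.168.1.1", "192.168.1.77"
    decisions = []
    # 1. Direct access to the server IP with no DNS lookup: deceived.
    decisions.append(model.classify(client, server, "tcp_syn"))
    # 2. Wrong suffix: resolver answers nothing, so no ACI entry; still deceived.
    model.learn_dns_reply(client, model.answer_for_suffixed_name(f"{server}.bad"))
    decisions.append(model.classify(client, server, "tcp_syn"))
    # 3. Correct suffix: reply maps client -> server; SYN and ping now forwarded.
    model.learn_dns_reply(client, model.answer_for_suffixed_name(f"{server}.aci"))
    decisions.append(model.classify(client, server, "tcp_syn"))
    decisions.append(model.classify(client, server, "icmp_echo"))
    # 4. Nonexistent address in the segment, never resolved: deceived.
    decisions.append(model.classify(client, ghost, "tcp_syn"))
    # 5. A different host has no entry of its own for the same destination.
    decisions.append(model.classify("10.0.0.6", server, "tcp_syn"))
    return decisions


if __name__ == "__main__":
    for step, outcome in enumerate(run_scenario(), start=1):
        print(f"step {step}: {outcome}")
```

The scenario reproduces the behaviour the guidelines describe: a direct SYN or a SYN following a lookup with the wrong suffix is sent to the Decoy, a lookup with the correct suffix creates the mapping that lets the SYN and the ping through, and a never-resolved address in the segment is always deceived. Because the table is keyed by the requester's address, another host cannot ride on a mapping learned for a different client.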