deception detect-network

Function

The deception detect-network command sets a network segment detected by the deception system.

The undo deception detect-network command deletes the detected network segment.

By default, no detected network segment is configured on the switch.

Format

deception detect-network id id-number ip-address mask [ vpn-instance vpn-instance-name ]

undo deception detect-network { all | id id-number }

Parameters

Parameter	Description	Value
id id-number	Specifies the ID of a detected network segment.	The value is an integer in the range from 1 to 50.
ip-address	Specifies the IP address of the detected network segment.	The value is in dotted decimal notation.
mask	Specifies the subnet mask of the detected network segment.	The value is in dotted decimal notation.
vpn-instance vpn-instance-name	Specifies the VPN instance of the detected network segment.	The VPN instance must be an existing one on the device.
all	Indicates that all network segments are detected for deception.	-

Views

Deception view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The detected network segment is protected by the deception system:

IP address scanning: Deception is triggered only when the destination IP address of scanning packets is on the detected network segment.
TCP port scanning: Deception is triggered when the source or destination IP address of scanning packets is on the detected network segment.

Precautions

If you have configured a bait network segment using the deception decoy-network command, deception is triggered when the IP addresses on the bait network segment are scanned, with no need to configure these IP addresses in the detected network segment.

Example

# Configure the deception system to detect the network segment 10.1.1.0/24.

<HUAWEI> system-view
[HUAWEI] deception
[HUAWEI-deception] deception detect-network id 1 10.1.1.0 255.255.255.0