The deception dns-request rate command sets the domain name scan threshold.
The undo deception dns-request rate command restores the default domain name scan threshold.
By default, the domain name scan threshold is 5 scans per second.
Parameter | Description | Value |
---|---|---|
rate-number | Specifies the domain name scan threshold. | The value is an integer ranging from 1 to 20000, in scans per second. |
When the rate of domain name scans sent from the same source IP address reaches the threshold and information carried in the DNS reply packet indicates that the domain name does not exist, the DecoySensor determines that an attack is in progress. The DecoySensor then automatically constructs and returns a DNS reply packet. The IP address that the constructed reply gives for the domain name is an IP address in the bait network segment, and is in the same network segment as the source address of the DNS request packet. Subsequent access to and attacks on this IP address are lured to the Decoy.
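The decision described above can be modelled in a few lines for testing a chosen threshold against captured DNS traffic. This is an added example, not the product's own code. It assumes a one-second sliding window per source IP, /24 segments and a configured list of bait addresses; all names and the sample events are constructed.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

DEFAULT_RATE = 5  # default threshold stated on this page, scans per second


class DnsScanModel:
    """Assumed, simplified model of the threshold decision; not product code."""

    def __init__(self, bait_ips, rate=DEFAULT_RATE, prefix=24):
        if not 1 <= rate <= 20000:  # rate-number range from the table
            raise ValueError("rate-number must be 1..20000")
        self.rate = rate
        self.prefix = prefix  # assumption: every segment is a /24
        self.bait_ips = [ip_address(b) for b in bait_ips]
        self.recent = defaultdict(deque)  # source IP -> request timestamps

    def bait_for(self, src):
        """Pick a bait address in the same segment as the requester."""
        segment = ip_network(f"{src}/{self.prefix}", strict=False)
        return next((str(b) for b in self.bait_ips if b in segment), None)

    def observe(self, ts, src, nxdomain):
        """Return the bait IP to answer with, or None to leave the reply as is."""
        window = self.recent[src]
        window.append(ts)
        while ts - window[0] >= 1.0:  # keep only the last second
            window.popleft()
        if nxdomain and len(window) >= self.rate:
            return self.bait_for(src)
        return None


def replay(events, model):
    """Run (ts, src, qname, nxdomain) events; list the deceived replies."""
    hits = []
    for ts, src, qname, nxdomain in events:
        bait = model.observe(ts, src, nxdomain)
        if bait:
            hits.append((src, qname, bait))
    return hits


# Constructed sample: one host sweeping names, one host with a single typo.
SAMPLE_EVENTS = [(i / 10, "10.1.1.50", f"host{i}.corp.example", True) for i in range(6)]
SAMPLE_EVENTS += [(3.0, "10.1.1.50", "typo.example", True), (3.1, "10.2.2.7", "typo.example", True)]

if __name__ == "__main__":
    for hit in replay(SAMPLE_EVENTS, DnsScanModel(["10.1.1.200", "10.2.2.200"])):
        print(hit)
```

With the default threshold of 5, only the fifth and sixth lookups of the sweep are answered with a bait address; the isolated nonexistent-name lookups are left alone.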