
deception dns enable

Function

The deception dns enable command enables the unknown-domain-name deception function.

The undo deception dns enable command disables the unknown-domain-name deception function.

The unknown-domain-name deception function is disabled by default.

Format

deception dns enable

undo deception dns enable

Parameters

None

Views

Deception view

Default Level

2: Configuration level

Usage Guidelines

After the unknown-domain-name deception function is enabled, the DecoySensor identifies DNS requests on the network. When DNS requests are sent in quick succession from the same source IP address, the DecoySensor suspects that domain name scanning is being performed to discover real intranet IP addresses. When the rate of domain name scans reaches the threshold and the DNS reply packet indicates that the domain name does not exist, the DecoySensor automatically constructs and returns a DNS reply packet. The IP address in that reply is taken from the bait network segment and lies in the same network segment as the source address of the DNS request. Subsequent access to and attacks on this IP address are redirected to the Decoy for in-depth interactive detection.

The deception operation is performed only after a bait network segment matching the detected network segment has been configured using deception decoy-network. If no bait network segment is configured, the DecoySensor only sends domain name scan threshold-crossing logs.

The unknown-domain-name deception function takes effect only after the deception function is enabled using deception enable.
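The following Python model is an added illustration of the decision logic described above; it is not Huawei's code or the DecoySensor implementation. It counts DNS requests per source address over a sliding window, applies the NXDOMAIN condition, and hands out a bait address from the decoy segment that contains the requester, logging instead when no matching segment is configured. The threshold, window length, segment sizes and the returned record shape are assumptions.

```python
from collections import defaultdict, deque
from ipaddress import IPv4Address, IPv4Network

# Assumed tuning values (not taken from the Huawei page): sliding window and query count.
WINDOW_SECONDS = 5
SCAN_THRESHOLD = 10


class DnsDeceptionSensor:
    """Models the unknown-domain-name deception decision for one DecoySensor."""

    def __init__(self, decoy_networks, threshold=SCAN_THRESHOLD, window=WINDOW_SECONDS):
        self.decoy_networks = [IPv4Network(n) for n in decoy_networks]  # configured bait segments
        self.threshold = threshold
        self.window = window
        self.history = defaultdict(deque)   # source IP -> timestamps of recent DNS requests
        self.next_host = defaultdict(int)   # bait segment -> index of the next bait address

    def _rate_exceeded(self, src_ip, now):
        """Record one request and report whether the per-source scan rate reached the threshold."""
        q = self.history[src_ip]
        q.append(now)
        while q and now - q[0] > self.window:   # drop requests outside the window
            q.popleft()
        return len(q) >= self.threshold

    def _bait_for(self, src_ip):
        """Pick a bait address in the decoy segment that contains src_ip (never src_ip itself)."""
        src = IPv4Address(src_ip)
        for net in self.decoy_networks:
            if src in net:
                hosts = [h for h in net.hosts() if h != src]
                idx = self.next_host[net] % len(hosts)
                self.next_host[net] += 1
                return str(hosts[idx])
        return None   # no bait segment matches the requester's segment

    def handle(self, src_ip, qname, reply_rcode, now):
        """Return None (pass through), a log tuple, or a constructed decoy A-record reply."""
        if not self._rate_exceeded(src_ip, now):
            return None
        if reply_rcode != "NXDOMAIN":          # only non-existent names are deceived
            return None
        bait = self._bait_for(src_ip)
        if bait is None:
            return ("log", "dns-scan-threshold-crossed", src_ip)
        return ("deceive", qname, bait)        # reply points the scanner at the bait address
```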

Example

# Enable the unknown-domain-name deception function.

<HUAWEI> system-view
[HUAWEI] deception
[HUAWEI-deception] deception dns enable
Copyright © Huawei Technologies Co., Ltd.