< Home

deception mode strict

Function

The deception mode strict command enables the strict deception mode.

The undo deception mode command disables the strict deception mode.

By default, the strict deception mode is not used.

Format

deception mode strict

undo deception mode

Parameters

None

Views

Deception view

Default Level

2: Configuration level

Usage Guidelines

Fixed networking and stable servers are prerequisites for the strict deception mode. After the strict deception mode is set, the switch immediately lures the traffic destined for offline IP addresses or unopened TCP ports to the Decoy for further detection.

In non-strict mode, deception is performed only when the following conditions are met:
  • The IP scanning or TCP port scanning frequency initiated by an IP address reaches the specified threshold.
  • An offline IP address or unopened TCP port is scanned.

Example

# Enable the strict deception mode.

<HUAWEI> system-view
[HUAWEI] deception
[HUAWEI-deception] deception mode strict
Parent Topic: Network Deception Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >