deception syn-connect rate

Function

The deception syn-connect rate command sets a TCP port scanning threshold.

The undo deception syn-connect rate command restores the TCP port scanning threshold to the default value.

By default, the TCP port scanning threshold is 100 times per second.

Format

deception syn-connect rate rate-number

undo deception syn-connect rate

Parameters

| Parameter | Description | Value |
|---|---|---|
| rate-number | Specifies a TCP port scanning threshold. | The value is an integer in the range from 1 to 20000, in "times per second". |

Views

Deception view

Default Level

2: Configuration level

Usage Guidelines

If the rate at which a source IP address scans a TCP port reaches the specified threshold, the switch treats the event as a suspected attack. Once the switch detects that the scanned TCP port is not open, it immediately lures the traffic to the Decoy for further detection.
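
The threshold logic described above, modelled in Python as an added example (not Huawei's code or the switch's actual algorithm), useful for checking how a candidate rate-number would treat recorded SYN traffic before configuring it. The sliding one-second window, the persistence of the suspected state, and the names classify_syns and sample_events are assumptions; the traffic is constructed.

```python
from collections import defaultdict, deque

DEFAULT_RATE = 100               # default threshold stated on the page
MIN_RATE, MAX_RATE = 1, 20000    # valid rate-number range stated on the page

def classify_syns(events, open_ports, rate=DEFAULT_RATE):
    """Label each SYN 'normal' or 'decoy'.

    events: (timestamp_s, src_ip, dst_port) tuples sorted by timestamp.
    Assumption: the rate is measured per source IP over a sliding 1 s window,
    and a source stays suspected once flagged. The page specifies neither.
    """
    if not isinstance(rate, int) or not MIN_RATE <= rate <= MAX_RATE:
        raise ValueError(f"rate-number must be an integer in {MIN_RATE}..{MAX_RATE}")
    recent = defaultdict(deque)   # src_ip -> SYN timestamps within the last second
    suspected = set()
    labels = []
    for ts, src, port in events:
        window = recent[src]
        window.append(ts)
        while window and window[0] <= ts - 1.0:
            window.popleft()
        if len(window) >= rate:          # "reaches the specified threshold"
            suspected.add(src)
        # Suspected source probing a port that is not open: lure to the Decoy.
        lured = src in suspected and port not in open_ports
        labels.append((src, port, "decoy" if lured else "normal"))
    return labels, suspected

def sample_events():
    """Constructed traffic: one scanner sweeping ports, one ordinary client."""
    scanner = [(i / 250.0, "198.51.100.7", 1 + i) for i in range(250)]
    client = [(i * 0.2, "192.0.2.20", 443) for i in range(5)]
    return sorted(scanner + client)

if __name__ == "__main__":
    for rate in (DEFAULT_RATE, 200, 300):
        labels, suspected = classify_syns(sample_events(), {22, 443}, rate)
        lured = sum(1 for _, _, action in labels if action == "decoy")
        print(f"rate={rate}: suspected={sorted(suspected)} lured_syns={lured}")
```

In this constructed sample the scanner sends 250 SYNs within one second, so a threshold of 300 never flags it, while the ordinary client stays below every tested threshold.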

Example

# Set the TCP port scanning threshold to 200 times per second.

<HUAWEI> system-view
[HUAWEI] deception
[HUAWEI-deception] deception syn-connect rate 200
Copyright © Huawei Technologies Co., Ltd.