deception whitelist

Function

The deception whitelist command sets a deception whitelist.

The undo deception whitelist command deletes a deception whitelist.

By default, there is no deception whitelist.

deception whitelist id id-number { destination | source } ip-address [ mask ] [ vpn-instance vpn-instance-name ]

undo deception whitelist { all | id id-number }

Parameter	Description	Value
id id-number	Specifies a whitelist ID.	The value is an integer in the range from 1 to 50.
destination	Indicates the destination IP address whitelist.	-
source	Indicates the source IP address whitelist.	-
ip-address [ mask ]	Adds a specified IP address or IP address segment to the deception whitelist. ip-address specifies an IP address. mask specifies the subnet mask of the IP address segment.	The value is in dotted decimal notation.
vpn-instance vpn-instance-name	Specifies the VPN instance of the whitelisted IP address.	The VPN instance must be an existing one on the device.
all	Indicates all whitelists.	-

Deception view

2: Configuration level

You can configure destination IP address whitelists and source IP address whitelists:

Source IP address whitelist: If the source IP address of scanning packets is in the source IP address whitelist, the device does not lure the scanning packets sent from this IP address to the Decoy. The addresses of devices that proactively detect the network (such as the NMS) can be whitelisted to prevent deception.
Destination IP address whitelist: If the destination IP address of scanning packets is in the destination IP address whitelist, the device does not lure the scanning packets sent to this IP address to the Decoy. The addresses of devices that do not respond to ARP requests or port connection requests (such as traditional printers) can be whitelisted to prevent deception.

# Add 10.1.1.10 to destination IP address whitelist.

<HUAWEI> system-view
[HUAWEI] deception
[HUAWEI-deception] deception whitelist id 1 destination 10.1.1.10