display deception port-state

Function

The display deception port-state command displays the port openness status of a service host.

Format

display deception port-state [ ip-address ]

Parameters

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

When a service host is busy, it responds with the RST-ACK packet even to normal TCP access. As a result, the DecoySensor incorrectly considers that the host port is not opened and deceives normal traffic. The DecoySensor records the port openness status based on the SYN-ACK packet returned by the service host and saves the record for 24 hours, until the record ages naturally or updated when a new SYN-ACK packet is generated. During this period, even if the DecoySensor receives the RST-ACK packet from the corresponding port, it does not deceive the traffic.

The DecoySensor records only the port openness status for TCP access requests whose destination IP addresses are in the detected network segment. The prerequisite for the DecoySensor to record the port openness status is that the in-depth interaction services must be supported by the Decoy.

The reset deception port-state command clears the current port openness status.

Examples

# Display the port openness status of a service host.

<HUAWEI> display deception port-state
  --------------------------------------------------------------------------------
 Current total number = 2                                                         
-------------------------------------------------------------------------------- 
ip-address    :192.168.1.1 
vpn-instance  :public port    state   time_out(h) 
80      open    24 
8080    open    24 
445     open    24  

ip-address    :192.168.1.2 
vpn-instance  :public 
port    state   time_out(h) 
80      open    24 
8080    open    24 
445     open    2