Tracing Attack Sources Through a Packet Capture File

For packet capture files of the Global Defense Matched, Zone Attack Matched, or Zone Anomaly Matched type, you can identify attack sources by tracing the packet capture file. Suspicious IP addresses can also be blacklisted for effective attack defense.

Prerequisites

The packet capture task of Global Defense Matched, Zone Attack Matched or Zone Anomaly Matched has been created and enabled.

Procedure

  1. Choose Defense > Policy Settings > Packet Capture.
  2. Click the Packet Capture File tab.
  3. Click the icon in the Operation column of a packet capture file to trace attack sources.

  4. On the Trace Source page, view the result of attack source tracing. For parameter settings, see Table 1.

    Table 1 Attack source tracing parameters

    Parameter                      Description
    -----------------------------  ------------------------------------------------------------
    Number of Packets              Indicates the number of packets sent during attacks.
    Number of Source IP Addresses  Indicates the number of the source IP addresses of attackers.
    Source IP Address              Indicates the source IP address of the attacker.
    Protocol Type                  Indicates the protocol type of attack packets.
    Destination Port               Indicates the destination port of attack packets.
    Attack Times                   Indicates the number of attacks launched by the attacker.

  5. Optional: Select one or more check boxes of attack records and click Add Items to Blacklist. Suspicious IP addresses are displayed in the blacklist of this Zone. The blacklist entries take effect after deployment on NEs. For details on the deployment process, see Deploying the Defense Policy.

    NOTE:
    The blacklist is enabled for Zones. Attack sources are traced for packets captured after Zone Attack Matched and Zone Anomaly Matched are enabled; those attack sources can then be blacklisted.

  6. Click Close. Return to the Packet Capture File page.
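
To cross-check a Trace Source result offline, the following added example (not part of the product or its documentation) computes the Table 1 fields from a capture. It assumes the capture is available as a classic libpcap file with Ethernet/IPv4 frames and uses the per-record packet count as a stand-in for Attack Times; the function names and sample addresses are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

def trace_sources(pcap: bytes) -> dict:
    """Summarise a classic libpcap capture (Ethernet + IPv4) per source."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    records, total, off = Counter(), 0, 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        fragment_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
        dport = None  # no port for ICMP or for non-first fragments
        if proto in (6, 17) and fragment_offset == 0 and len(ip) >= ihl + 4:
            dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        total += 1
        records[(str(IPv4Address(ip[12:16])), PROTO.get(proto, str(proto)), dport)] += 1
    return {"packets": total,                                  # Number of Packets
            "source_ips": len({key[0] for key in records}),    # Number of Source IP Addresses
            "records": records.most_common()}  # ((source, protocol, dport), count)

def _frame(src: str, proto: int, dport: int) -> bytes:
    """Constructed sample frame: Ethernet + IPv4 + first 8 bytes of L4."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address("192.0.2.10").packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", 40000, dport, 8, 0)

def sample_pcap() -> bytes:
    """Constructed capture: 3 UDP/53 packets from one source, 1 TCP/80 from another."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = [_frame("198.51.100.7", 17, 53)] * 3 + [_frame("203.0.113.9", 6, 80)]
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    result = trace_sources(sample_pcap())
    print(result["packets"], result["source_ips"])
    for (src, proto, dport), count in result["records"]:
        print(src, proto, dport, count)
```

Records are sorted by count, so the sources contributing the most packets appear first when reviewing candidates for the Zone blacklist.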

Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.