For the packet capture files of Global Defense Matched, Zone Attack Matched or Zone Anomaly Matched, you can obtain attack sources by tracing a packet capture file. Suspicious IP address can also be blacklisted for effective attack defense.
Prerequisites
The packet capture task of Global Defense Matched, Zone Attack Matched or Zone Anomaly Matched has been created and enabled.
Procedure
- Choose .
- Click the Packet Capture File tab.
- Click
of a packet capture file in the Operation column
to trace attack sources.
- On the Trace Source page, view the
result of attack source tracing. For parameter settings, see Table 1.
Table 1 Attack source tracing parameters Parameter Description Source IP Address Indicates the source IP address of the attacker. Protocol Type Indicates the protocol type of attack packets. Destination Port Indicates the destination port of attack packets. Number of Attack Packets Indicates the number of packets sent during attacks. - Optional: Select one or more check boxes of
attack records and click Add Items to Blacklist. Suspicious IP addresses are displayed in the blacklist of this
Zone. The blacklist entries take effect after deployment on NEs. For
details on the deployment process, see Deploying the Defense Policy.
NOTE: Blacklist is enabled for Zones. Attack sources are traced for packets captured after Zone Attack Matched and Zone Anomaly Matched are enabled. Then the attack sources can be blacklisted. - Click Close. Return to the Packet Capture File page.