Configuring a Zone Filter (AntiDDoS1820-N/Netflow Detection)

Create a filter and associate the Zone with the filter for in-depth detection of the Zone traffic.

Filter Category

The AntiDDoS1820-N provides seven types of filters: IP, TCP, UDP, HTTP, DNS, ICMP, and SIP filters. For details, see Table 1.

An IP filter can process all IP packets. Other filters can process only the packets of their own protocols. For example, an HTTP filter can process only HTTP packets.

A maximum of 128 filters can be configured on each device.

Table 1 Seven filters

| Protocol | Filter By |
| --- | --- |
| IP protocol | Protocol, DSCP, packet length, number of packets, and number of bytes |
| TCP protocol | DSCP, TCP flag bit, source port, destination port, packet length, number of packets, and number of bytes |
| UDP protocol | DSCP, source port, destination port, packet length, number of packets, and number of bytes |
| ICMP protocol | DSCP, packet length, number of packets, and number of bytes |
| HTTP protocol | DSCP, TCP flag bit, source port, packet length, number of packets, and number of bytes |
| DNS protocol | DSCP, source port, packet length, number of packets, and number of bytes |
| SIP protocol | DSCP, source port, packet length, number of packets, and number of bytes |

Filter Template

The ATIC provides 14 common filter templates by default.

| Template | Description |
| --- | --- |
| DNS_Amplification | DNS amplification attack |
| Chargen_Amplification | Chargen amplification attack |
| SNMP_Amplification | SNMP amplification attack |
| TFTP_Amplification | TFTP amplification attack |
| NTP_Amplification | NTP amplification attack |
| NetBIOS_Amplification | NetBIOS amplification attack |
| SSDP_Amplification_Attack | SSDP amplification attack |
| QOTD_Amplification | QOTD amplification attack |
| Quake_Network_Protocol | Quake amplification attack |
| Steam_Protocol_Amplification | Steam amplification attack |
| Portmapper_Amplification | Portmapper amplification attack |
| Microsoft_SQL_Resolution_Service_Amplification | SQL resolution service amplification attack |
| RIPV1_Amplification_Attack | RIPV1 amplification attack |
| IPMI_Amplification_Attack | IPMI amplification attack |

You can edit or delete templates as required.

Filter Matching Sequence

The filters in the list are matched from top to bottom. After a matching filter is found, the action defined in the filter is executed, and the matching ends. If no match is found, filters are matched top down again.
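The following Python sketch is an added illustration, not Huawei code or the device's implementation: it models top-to-bottom, first-match evaluation on constructed flow records and reports filters that never win because a broader filter sits above them. Filter names, action labels, and thresholds are assumptions; source ports 123 and 53 are the standard NTP and DNS ports.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:                # one constructed flow record
    proto: str             # "TCP", "UDP", "ICMP", ...
    src_port: int
    packets: int
    nbytes: int

@dataclass(frozen=True)
class Filter:
    name: str
    kind: str                        # "IP" sees every flow; other kinds only their own protocol
    action: str                      # placeholder label, not a device keyword
    src_port: Optional[int] = None   # None means the field is not constrained
    min_bytes: int = 0

    def matches(self, f: Flow) -> bool:
        if self.kind != "IP" and self.kind != f.proto:
            return False
        if self.src_port is not None and self.src_port != f.src_port:
            return False
        return f.nbytes >= self.min_bytes

def first_match(filters, flow):
    """Walk the list top to bottom; the first matching filter decides."""
    for flt in filters:
        if flt.matches(flow):
            return flt
    return None

def shadowed(filters, flows):
    """Names of filters that never win on the sample flows (review their position)."""
    winners = {m.name for f in flows if (m := first_match(filters, f))}
    return [flt.name for flt in filters if flt.name not in winners]

# Constructed filters: two narrow UDP filters and one broad IP filter.
NTP = Filter("ntp-reflection", "UDP", "discard", src_port=123, min_bytes=400)
DNS = Filter("dns-reflection", "UDP", "discard", src_port=53, min_bytes=1000)
BULK = Filter("large-flows", "IP", "limit", min_bytes=1000)
GOOD_ORDER = [NTP, DNS, BULK]   # specific filters above the broad one
BAD_ORDER = [BULK, NTP, DNS]    # broad IP filter on top shadows both UDP filters

FLOWS = [                       # constructed sample flows
    Flow("UDP", 123, 10, 4680),
    Flow("UDP", 53, 3, 9000),
    Flow("TCP", 443, 40, 52000),
    Flow("ICMP", 0, 2, 128),
]
```

Running `shadowed(BAD_ORDER, FLOWS)` against representative flow samples before reordering a production list shows which specific filters would stop taking effect.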

Management Operations

Choose Defense > Policy Settings > Filter > Zone Filter and configure a filter.

| Operation | Description |
| --- | --- |
| Create | Click to create a filter. For details, see Creating a Filter. |
| Modify | Click in the Operation column and modify the filter in the Modify Filter dialog box. |
| Delete | Select the check box for a filter and click . |
| Search | Enter part of a filter name or the full name in Name and click . |


Copyright © Huawei Technologies Co., Ltd.