< Home

deception arp-miss enable

Function

The deception arp-miss enable command enables the ARP-Miss deception function.

The undo deception arp-miss enable command disables the ARP-Miss deception function.

Format

deception arp-miss enable

undo deception arp-miss enable

Parameters

None

Views

Deception view

Default Level

2: Configuration level

Usage Guidelines

The ARP-Miss deception function is disabled by default.

After the ARP-Miss deception function is enabled, the DecoySensor analyzes the SYN packets and ping packets whose destination IP addresses are in the detected network segment. If the number of port scans sent from the same source address reaches the threshold and the destination address is offline in the DecoySensor's IP address online status table, the DecoySensor performs the following operations:
  • If the Decoy supports the corresponding service request, the traffic is deceived to the Decoy for in-depth interactive detection.
  • If the Decoy does not support the corresponding service request, packets are discarded.

You can run the display deception ip-state command to view the IP address online status table.

The ARP-Miss deception function takes effect only after the deception function is enabled using deception enable.

Example

# Enable the ARP-Miss deception function.

<FW> system-view
 [FW] deception
 [FW-deception] deception arp-miss enable
Parent Topic: Network Deception Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >