< Home

deception fib-miss enable

Function

The deception fib-miss enable command enables the Route-Miss deception function.

The undo deception fib-miss enable command disables the Route-Miss deception function.

Format

deception fib-miss enable

undo deception fib-miss enable

Parameters

None

Views

Deception view

Default Level

2: Configuration level

Usage Guidelines

The Route-Miss deception function is disabled by default.

After the Route-Miss deception function is enabled, the DecoySensor analyzes the SYN packets and ping packets whose destination or source IP addresses are in the detected network segment. If the number of port scans sent from the same source address reaches the threshold and the DecoySensor does not have the next-hop route information of these packets, the DecoySensor performs the following operations:
  • If the Decoy supports the corresponding service request, the traffic is deceived to the Decoy for in-depth interactive detection.
  • If the Decoy does not support the corresponding service request, packets are discarded.

The Route-Miss deception function takes effect only after the deception function is enabled using deception enable.

Example

# Enable the Route-Miss deception function.

<FW> system-view
 [FW] deception
 [FW-deception] deception fib-miss enable
Parent Topic: Network Deception Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >