Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring IP Sweep Attack Screen

 

This topic describes how to configure detection of an IP sweep attack.

An address sweep occurs when one source IP address sends a defined number of ICMP packets to different hosts within a defined time interval (5000 microseconds is the default value). The purpose of this attack is to send ICMP packets—typically echo requests—to various hosts in the hope that at least one replies, thus uncovering an address to target.

To enable detection of an IP sweep attack:

  1. Configure interfaces and assign an IP address to interfaces.
  2. Configure security zones trustZone and untrustZone and assign interfaces to them.
  3. Configure security policies from untrustZone to trustZone.
  4. Configure security screens and attach them to untrustZone.
  5. Configure syslog.
  6. Commit the configuration.