Cisco 11503 - CSS Content Services Switch - Displaying Dos Configurations

To Next Page

To Previous Page

5-25

Cisco Content Services Switch Administration Guide

OL-5647-02

Chapter 5 Configuring Simple Network Management Protocol (SNMP)

Configuring Denial of Service (DoS)

The dos_attack_type variable is the type of DoS attack event to trap. The options

include:

• dos-illegal-attack - Generates traps for illegal addresses, either source or

destination. Illegal addresses are loopback source addresses, broadcast source

addresses, loopback destination addresses, multicast source addresses, or

source addresses that you own. The default trap threshold for this type of

attack is 1 per second.

• dos-land-attack - Generates traps for packets that have identical source and

destination addresses. The default trap threshold for this type of attack is

1 per second.

• dos-smurf-attack - Generates traps when the number of pings with a

broadcast destination address exceeds the threshold value. The default trap

threshold for this type of attack is 1 per second.

• dos-syn-attack - Generates traps when the number of TCP connections that

are initiated by a source, but not followed with an acknowledgment (ACK)

frame to complete the 3-way TCP handshake, exceeds the threshold value.

The default trap threshold for this type of attack is 10 per second.

Use the trap-threshold option to override a default trap threshold. For the

threshold_value, enter a number from 1 to 65535.

For example, to enable the CSS to generate traps for packets that have identical

source and destination addresses, enter:

(config)# snmp trap-type enterprise dos-land-attack

To prevent the CSS from generating DoS attack event traps, enter:

(config)# no snmp trap-type enterprise dos_attack_type

Displaying DoS Configurations

Use the show dos command to display detailed information about DoS attacks on

each CSS Session Processor (SP). The show dos command displays the following

information:

• The total number of attacks since booting the CSS

• The types of attacks and the maximum number of these attacks per second

• The first and last occurrence of an attack

• The source and destination IP addresses

Cisco 11503 - CSS Content Services Switch