11-11
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
OL-7827-12
Chapter 11 Identifying and Preventing Distributed-Denial-Of-Service Attacks
Configuring Attack Detectors
Options
The following options are available:
• attack-detector — The attack detector being configured; in this case, the default attack detector.
• protocol — Defines the protocol to which the default attack detector applies.
• attack-direction — Defines whether the default attack detector applies to single sided or dual sided
attacks.
• destination port {TCP and UDP protocols only) — Defines whether the default attack detector
applies to port-based or port-less detections.
• side — Defines whether the default attack detector applies to attacks originating at the subscriber
or network side.
• action — Default action:
–
report (default) — Report beginning and end of the attack by writing to the attack-log.
–
block — Block all further flows that are part of this attack, the SCE platform drops the packets.
• Thresholds :
–
open-flows-rate — Default threshold for rate of open flows. suspected-flows-rate — Default
threshold for rate of suspected DDoS flows.
–
suspected-flows-ratio — Default threshold for ratio of suspected flow rate to open flow rate.
• Use the appropriate keyword to enable or disable subscriber notification by default:
–
notify-subscriber — Enable subscriber notification.
–
don't-notify-subscriber — Disable subscriber notification.
• Use the appropriate keyword to enable or disable sending an SNMP trap by default:
–
alarm — Enable sending an SNMP trap.
–
no-alarm — Disable sending an SNMP trap.
How to Define the Default Action and Optionally the Default Thresholds
Defaults
The default values for the default attack detector are:
• Action — Report
• Thresholds — Varies according to the attack type
• Subscriber notification — Disabled
• Sending an SNMP trap — Disabled
To Next Page
Loading...
