11-21
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
OL-7827-12
Chapter 11 Identifying and Preventing Distributed-Denial-Of-Service Attacks
Monitoring Attack Filtering
How to Configure a force-filter Setting for a Specified Situation
Step 1 From the SCE(config if)# prompt, type attack-filter force-filter action (block|report) protocol
(((TCP|UDP) [dest-port (port-number |not-specific))|ICMP|other) attack-direction
(((single-side-source|single-side-destination|single-side-both) (ip ip-address )|(dual-sided source-ip
source-ip-address destination-ip dest-ip-address )) side
(subscriber|network|both)[notify-subscriber]
and press Enter.
How to Remove a force-filter Setting from a Specified Situation
Step 1 From the SCE(config if)# prompt, type no attack-filter force-filter protocol (((TCP|UDP) [dest-port
(port-number |not-specific))|ICMP|other) attack-direction
(((single-side-source|single-side-destination|single-side-both) (ip ip-address )|(dual-sided source-ip
source-ip-address destination-ip dest-ip-address )) side (subscriber|network|both) and press Enter.
How to Remove All force-filter Settings
Step 1 From the SCE(config if)# prompt, type no attack-filter force-filter all and press Enter.
Monitoring Attack Filtering
• Monitoring Attack Filtering Using SNMP Traps, page 11-21
• Monitoring Attack Filtering Using CLI Commands, page 11-23
• The Attack Log, page 11-29
There are three options for monitoring attack filtering and detection:
• CLI show commands
• SNMP attack detection traps
• Attack log
Monitoring Attack Filtering Using SNMP Traps
The system sends a trap at the start of a specific attack detection event, and also when a specific detection
event ends, as follows:
• STARTED_FILTERING trap – String with the attack information
• STOPPED_FILTERING
–
String with the attack information
–
String with the reason for stopping
To Next Page
Loading...
