11-23
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
OL-7827-12
Chapter 11 Identifying and Preventing Distributed-Denial-Of-Service Attacks
Monitoring Attack Filtering
• 'protocol'
–
TCP
–
UDP
–
ICMP
–
other
• 'rate1' and 'rate2' are numbers
• 'duration' is a number.
• 'total-flows' is one of the following strings, depending on the attack action:
–
If 'action' is block: 'number' flows blocked.
–
If 'action' is report: attack comprised of 'number' flows.
• 'hw-filter'
–
If the attack was not filtered by a hardware filter: empty string
–
If the attack was filtered by a hardware filter: HW filters used, actual attack duration is probably
smaller than reported above, actual amount of flows handled is probably larger than reported
above.
Monitoring Attack Filtering Using CLI Commands
• How to display a specified attack detector configuration, page 11-24
• How to display the default attack detector configuration, page 11-25
• How to display all attack detector configurations, page 11-26
• How to display filter state (enabled or disabled), page 11-26
• How to display configured threshold values and actions, page 11-26
• How to display the current counters, page 11-28
• How to display all currently handled attacks, page 11-28
• How to display all existing force-filter settings, page 11-28
• How to display all existing don't-filter settings, page 11-28
• How to display the list of ports selected for subscriber notification, page 11-29
• How to find out whether hardware attack filtering has been activated, page 11-29
Use these commands to monitor attack detection and filtering:
• show interface linecard 0 attack-detector
• show interface linecard 0 attack-filter
• show interface linecard 0 attack-filter query
• show interface linecard 0 attack-filter current-attacks
• show interface linecard 0 attack-filter don't-filter
• show interface linecard 0 attack-filter force-filter
• show interface linecard 0 attack-filter subscriber-notification ports
To Next Page
Loading...
