CHAPTER
10-1
Cisco SCE8000 Software Configuration Guide, Rel 3.1.6S
OL-16479-01
10
Identifying and Preventing
Distributed-Denial-Of-Service Attacks
This module describes the ability of the SCE platform to identify and prevent DDoS attacks, and the
various procedures for configuring and monitoring the Attack Filter Module.
• Attack Filtering and Attack Detection, page 10-1
• Configuring Attack Detectors, page 10-6
• Subscriber Notifications, page 10-17
• Preventing and Forcing Attack Detection, page 10-18
• Monitoring Attack Filtering, page 10-20
Attack Filtering and Attack Detection
• Attack Filtering, page 10-1
• Specific Attack Filtering, page 10-2
• Attack Detection, page 10-3
• Attack Detection Thresholds, page 10-4
• Attack Handling, page 10-4
• Hardware Filtering, page 10-5
Attack Filtering
The SCE platform includes extensive capabilities for identifying DDoS attacks, and protecting against
them.
Attack filtering is performed using specific-IP attack detectors. A specific-IP attack detector tracks the
rate of flows (total open and total suspected) in the SCE platform for each combination of IP address (or
pair of IP addresses), protocol (TCP/UDP/ICMP/Other), destination port (for TCP/UDP), interface and
direction. When the rates satisfy user-configured criteria, it is considered an attack, and a configured
action can take place (report/block, notify subscriber, send SNMP trap).
This mechanism is enabled by default, and can be disabled and enabled for each attack type
independently.
To Next Page
Loading...
Need help?
General
