10-9
Cisco SCE8000 Software Configuration Guide, Rel 3.1.6S
OL-16479-01
Chapter 10 Identifying and Preventing Distributed-Denial-Of-Service Attacks
Configuring Attack Detectors
By default, specific-IP detection is enabled for all attack types. You can configure specific IP detection
to be enabled or disabled for a specific, defined situation only, depending on the following options:
• For a selected protocol only.
• For TCP and UDP protocols, for only port-based or only port-less detections.
• For a selected attack direction, either for all protocols or for a selected protocol.
Options
The following options are available:
• protocol — The specific protocol for which specific IP detection is to be enabled or disabled.
–
Default — all protocols (no protocol specified)
• attack direction — Defines whether specific IP detection is enabled or disabled for single sided or
dual sided attacks.
–
Default — all directions
• destination port (TCP and UDP protocols only) — Defines whether specific IP detection is enabled
or disabled for port-based or port-less detections.
–
Default — both port-based or port-less
• Use the no form of the command to disable the configured specific-IP detection.
How to Enable Specific-IP Detection
Step 1 From the SCE(config if)# prompt, type attack-filter [protocol (((TCP|UDP) [dest-port
(specific|not-specific|both)])|ICMP|other)] [attack-direction
(single-side-source|single-side-destination|single-side-both|dual-sided|all)]
and press Enter.
How to Enable Specific-IP Detection for the TCP Protocol Only for all Attack Directions
Step 1 From the SCE(config if)# prompt, type attack-filter protocol TCP and press Enter.
How to Enable Specific-IP Detection for the TCP Protocol for Port-based Detections Only for
Dual-sided Attacks
Step 1 From the SCE(config if)# prompt, type attack-filter protocol TCP dest-port specific attack-direction
dual-sided
and press Enter.
To Next Page
Loading...
