EasyManuals Logo

Cisco SCE8000 Configuration Guide

Cisco SCE8000
262 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #198 background imageLoading...
Page #198 background image
10-10
Cisco SCE8000 Software Configuration Guide, Rel 3.1.6S
OL-16479-01
Chapter 10 Identifying and Preventing Distributed-Denial-Of-Service Attacks
Configuring Attack Detectors
How to Disable Specific-IP Detection for Protocols Other than TCP, UDP, and ICMP for all Attack
Directions
Step 1 From the SCE(config if)# prompt, type no attack-filter protocol other and press Enter.
How to Disable Specific-IP Detection for ICMP for Single-sided Attacks Defined by the Source IP
Step 1 From the SCE(config if)# prompt, type no attack-filter protocol ICMP attack-direction
single-side-source
and press Enter.
Configuring the Default Attack Detector
• Options, page 10-10
• How to Define the Default Action and Optionally the Default Thresholds, page 10-11
• How to Reinstate the System Defaults for a Selected Set of Attack Types, page 10-12
• How to Reinstate the System Defaults for All Attack Types, page 10-12
Use these commands to configure the values for the default attack detector for the following parameters:
• Attack handling action
• Thresholds
• Subscriber notification
• Sending an SNMP trap
If a specific attack detector is defined for a particular attack type, it will override the configured default
attack detector.
Options
The following options are available:
• attack-detector — The attack detector being configured; in this case, the default attack detector.
• protocol — Defines the protocol to which the default attack detector applies.
• attack-direction — Defines whether the default attack detector applies to single sided or dual sided
attacks.
• destination port {TCP and UDP protocols only) — Defines whether the default attack detector
applies to port-based or port-less detections.
• side — Defines whether the default attack detector applies to attacks originating at the subscriber
or network side.
• action — Default action:
–
report (default) — Report beginning and end of the attack by writing to the attack-log.
–
block — Block all further flows that are part of this attack, the SCE platform drops the packets.

Table of Contents

Other manuals for Cisco SCE8000

Preview: Quick Start Guide
Quick Start Guide24 pages
Preview: Removal And Replacement Procedures
Removal And Replacement Procedures36 pages
Preview: Installing
Installing20 pages
Preview: Installation And Configuration Guide
Installation And Configuration Guide154 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco SCE8000 and is the answer not in the manual?

Cisco SCE8000 Specifications

General IconGeneral
BrandCisco
ModelSCE8000
CategoryNetwork Hardware
LanguageEnglish

Related product manuals