EasyManuals Logo

Cisco SCE8000 Configuration Guide

Cisco SCE8000
262 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #204 background imageLoading...
Page #204 background image
10-16
Cisco SCE8000 Software Configuration Guide, Rel 3.1.6S
OL-16479-01
Chapter 10 Identifying and Preventing Distributed-Denial-Of-Service Attacks
Configuring Attack Detectors
How to Disable All Attack Detectors
Use the following command to disable all attack detectors, configuring them to use the default values.
Step 1 From the SCE(config if)# prompt, type default attack-detector all and press Enter.
Disables all attack detectors.
Sample Attack Detector Configuration
The following configuration changes the default user threshold values used for detecting ICMP attacks,
and configures an attack-detector with high thresholds for UDP attacks, preventing false detections of
two DNS servers (10.1.1.10 and 10.1.1.13) as being attacked.
Step 1 From the SCE(config)# prompt, type interface linecard 0 and press Enter.
Enters linecard interface configuration mode
Step 2 From the SCE(config if)# prompt, type attack-detector default protocol ICMP attack-direction
single-side-source side both action report open-flow-rate 1000 suspected-flows-rate 100
suspected-flows-ratio 10 and press Enter.
Configures the default ICMP threshold and action.
Step 3 From the SCE(config if)# prompt, type attack-detector 1 access-list 3 comment "DNS servers" and
press Enter.
Enables attack detector #1 and assigns ACL #3 to it.
Step 4 From the SCE(config if)# prompt, type attack-detector 1 UDP-ports-list 53
Defines the list of UDP destination ports for attack detector #1 with one port, port 53
Step 5 From the SCE(config if)# prompt, type attack-detector 1 protocol UDP dest-port specific
attack-direction
single-side-destination side both action report open-flow-rate 1000000
suspected-flows-rate 1000000 and press Enter.
Defines the thresholds and action for attack detector #1.
Step 6 From the SCE(config if)# prompt, type attack-detector 1 protocol UDP dest-port specific
attack-direction
single-side-destination side subscriber notify-subscriber and press Enter.
Enables subscriber notification for attack detector #1.
Step 7 From the SCE(config if)# prompt, type exit and press Enter.
Exits the linecard interface configuration mode.
Step 8 Configure ACL #3, which has been assigned to the attack detector.
SCE(config)# access-list 3 permit 10.1.1.10
SCE(config)# access-list 3 permit 10.1.1.13

Table of Contents

Other manuals for Cisco SCE8000

Preview: Quick Start Guide
Quick Start Guide24 pages
Preview: Removal And Replacement Procedures
Removal And Replacement Procedures36 pages
Preview: Installing
Installing20 pages
Preview: Installation And Configuration Guide
Installation And Configuration Guide154 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco SCE8000 and is the answer not in the manual?

Cisco SCE8000 Specifications

General IconGeneral
BrandCisco
ModelSCE8000
CategoryNetwork Hardware
LanguageEnglish

Related product manuals