Cisco SCE8000 Software Configuration Guide, Rel 3.1.6S
OL-16479-01
Chapter 10 Identifying and Preventing Distributed-Denial-Of-Service Attacks
How to Configure a force-filter Setting for a Specified Situation
Step 1 From the SCE(config if)# prompt, type attack-filter force-filter protocol (((TCP|UDP) [dest-port (port-number|not-specific)])|ICMP|other) attack-direction (((single-side-source|single-side-destination|single-side-both) (ip ip-address))|(dual-sided source-ip source-ip-address destination-ip dest-ip-address)) side (subscriber|network|both) [notify-subscriber] and press Enter.
How to Remove a force-filter Setting from a Specified Situation
Step 1 From the SCE(config if)# prompt, type no attack-filter force-filter protocol (((TCP|UDP) [dest-port (port-number|not-specific)])|ICMP|other) attack-direction (((single-side-source|single-side-destination|single-side-both) (ip ip-address))|(dual-sided source-ip source-ip-address destination-ip dest-ip-address)) side (subscriber|network|both) and press Enter.
How to Remove All force-filter Settings
Step 1 From the SCE(config if)# prompt, type no attack-filter force-filter all and press Enter.
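The add and remove forms above share one grammar, so a filter and its matching removal line can be generated from the same parameters. The following Python helper is an added example, not part of the Cisco guide; the function name force_filter, IPv4-only addresses, the 0-65535 port check and the sample addresses are assumptions made for illustration.

```python
import ipaddress

PROTOCOLS = {"tcp": "TCP", "udp": "UDP", "icmp": "ICMP", "other": "other"}
SINGLE = ("single-side-source", "single-side-destination", "single-side-both")

def _ip(value):
    # Assumption: IPv4 only; raises ValueError on a malformed address.
    return str(ipaddress.IPv4Address(value))

def force_filter(protocol, direction, side, ip=None, source_ip=None,
                 dest_ip=None, dest_port=None, notify_subscriber=False,
                 remove=False):
    """Return one force-filter line (hypothetical helper) per the syntax above."""
    proto = PROTOCOLS.get(str(protocol).lower())
    if proto is None:
        raise ValueError("protocol must be TCP, UDP, ICMP or other")
    if side not in ("subscriber", "network", "both"):
        raise ValueError("side must be subscriber, network or both")
    parts = (["no"] if remove else []) + ["attack-filter", "force-filter", "protocol", proto]
    if dest_port is not None:
        if proto not in ("TCP", "UDP"):
            raise ValueError("dest-port applies only to TCP and UDP")
        # Assumption: any 16-bit port number; the page does not state the range.
        if dest_port != "not-specific" and not 0 <= int(dest_port) <= 65535:
            raise ValueError("dest-port must be a port number or not-specific")
        parts += ["dest-port", str(dest_port)]
    parts += ["attack-direction", direction]
    if direction in SINGLE:
        if ip is None or source_ip or dest_ip:
            raise ValueError("single-sided directions take exactly one ip")
        parts += ["ip", _ip(ip)]
    elif direction == "dual-sided":
        if ip or not (source_ip and dest_ip):
            raise ValueError("dual-sided needs source-ip and destination-ip")
        parts += ["source-ip", _ip(source_ip), "destination-ip", _ip(dest_ip)]
    else:
        raise ValueError("unknown attack-direction")
    parts += ["side", side]
    if notify_subscriber:
        if remove:
            raise ValueError("the no form has no notify-subscriber keyword")
        parts.append("notify-subscriber")
    return " ".join(parts)

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    args = dict(protocol="TCP", direction="single-side-destination",
                side="subscriber", ip="192.0.2.10", dest_port=80)
    print(force_filter(notify_subscriber=True, **args))  # line that sets the filter
    print(force_filter(remove=True, **args))             # matching removal line
```
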
Monitoring Attack Filtering
• Monitoring Attack Filtering Using SNMP Traps
• Monitoring Attack Filtering Using CLI Commands
• Viewing the Attack Log
There are three options for monitoring attack filtering and detection:
• CLI show commands
• SNMP attack detection traps
• Attack log
Monitoring Attack Filtering Using SNMP Traps
The system sends a trap at the start of a specific attack detection event, and also when a specific detection
event ends, as follows:
• STARTED_FILTERING trap – String with the attack information
• STOPPED_FILTERING
  – String with the attack information
  – String with the reason for stopping