10-26
Cisco SCE8000 Software Configuration Guide, Rel 3.1.6S
OL-16479-01
Chapter 10 Identifying and Preventing Distributed-Denial-Of-Service Attacks
Monitoring Attack Filtering
Step 1 From the SCE> prompt, type show interface linecard 0 attack-filter query ((single-sided ip
ip-address)|(dual-sided source-IP source-ip-address destination-IP dest-ip-address)) [dest-port
portnumber] configured
and press Enter.
Examples
Example 1
This example shows a query for a single IP address.
SCE#>show interface linecard 0 attack-filter query single-sided ip 10.1.1.1 configured
Protocol|Side|Dir.|Action| Thresholds |don't- |force-|Sub- |Alarm
| | | |Open flows|Ddos-Susp. flows|filter|filter|notif|
| | | |rate |rate |ratio| | | |
--------|----|----|------|----------|----------|-----|----- |------|-----|-----
TCP |net.|src.|Report| 1000| 500| 50|No |No | No| No
TCP |net.|dst.|Report| 1000| 500| 50|No |No | No| No
TCP |sub.|src.|Report| 1000| 500| 50|No |No | No| No
TCP |sub.|dst.|Report| 1000| 500| 50|No |No | No| No
UDP |net.|src.|Report| 1000| 500| 50|No |No | No| No
UDP |net.|dst.|Report| 1000| 500| 50|No |No | No| No
UDP |sub.|src.|Report| 1000| 500| 50|No |No | No| No
UDP |sub.|dst.|Report| 1000| 500| 50|No |No | No| No
ICMP |net.|src.|Report| 500| 250| 50|No |No | No| No
ICMP |net.|dst.|Report| 500| 250| 50|No |No | No| No
ICMP |sub.|src.|Report| 500| 250| 50|No |No | Yes| No
| | | | | | | | | (1)|
ICMP |sub.|dst.|Report| 500| 250| 50|No |No | No| No
other |net.|src.|Report| 500| 250| 50|No |No | No| No
other |net.|dst.|Report| 500| 250| 50|No |No | No| No
other |sub.|src.|Report| 500| 250| 50|No |No | No| No
other |sub.|dst.|Report| 500| 250| 50|No |No | No| No
(N) below a value means that the value is set through attack-detector #N.
SCE#>
Example 2
This example shows a query for a single IP address, with a specified port.
SCE#>show interface linecard 0 attack-filter query single-sided ip 10.1.1.1 dest-port 21
configured
Protocol|Side|Dir.|Action| Thresholds |don't- |force-|Sub- |Alarm
| | | |Open flows|Ddos-Susp. flows|filter|filter|notif|
| | | |rate |rate |ratio| | | |
--------|----|----|------|----------|----------|-----|----- |------|-----|-----
TCP+port|net.|src.|Block | 1000| 500| 50|No |No | No| Yes
| | |(1) | | | | | | | (1)
TCP+port|net.|dst.|Report| 1000| 500| 50|No |No | No| No
TCP+port|sub.|src.|Block | 1000| 500| 50|No |No | No| Yes
| | |(1) | | | | | | | (1)
TCP+port|sub.|dst.|Report| 1000| 500| 50|No |No | No| No
UDP+port|net.|src.|Report| 1000| 500| 50|No |No | No| No
UDP+port|net.|dst.|Report| 1000| 500| 50|No |No | No| No
UDP+port|sub.|src.|Report| 1000| 500| 50|No |No | No| No
UDP+port|sub.|dst.|Report| 1000| 500| 50|No |No | No| No
(N) below a value means that the value is set through attack-detector #N.
SCE#>
To Next Page
Loading...
