ESR series service routers.ESR-Series. User manual
13.6.6 Basic user rules configuration example
Objective:
Write a rule to protect a server with IP 192.168.1.10 from a DOS attack by large ICMP packets.
Solution:
Create a set of user rules:
esr(config)# security ips-category user-defined USER
Create a rule to protect against attack:
esr(config-ips-category)# rule 10
esr(config-ips-category-rule)# description "Big ICMP DoS"
We will drop packets:
esr(config-ips-category-rule)# action drop
Configure attack message:
esr(config-ips-category-rule)# meta log-message "Big ICMP DoS"
esr(config-ips-category-rule)# meta classification-type successful-dos
Specify protocol type for the rule:
esr(config-ips-category-rule)# protocol icmp
Sinceicmp protocol was specified, 'any' should be specified as the port of the sender and recipient:
esr(config-ips-category-rule)# source-port any
esr(config-ips-category-rule)# destination-port any
We will indicate our server as the recipient address:
esr(config-ips-category-rule)# destination-address ip 192.168.1.10
Attacker can send packets from any address:
esr(config-ips-category-rule)# source-address any
To Next Page
Loading...