ESR series service routers. ESR-Series. User manual
Set traffic direction:
esr(config-ips-category-rule)# direction one-way
The rule will trigger on packets larger than 1024 bytes:
esr(config-ips-category-rule)# payload data-size 1024
esr(config-ips-category-rule)# payload data-size comparison-operator greater-than
The rule will trigger if the load on the server exceeds 3 Mbps, while an attack message will be generated not more than once a minute:
3 Mbps = 3145728 bps
1 KB packet = 8192 bits
3145728 / 8192 = 384 packets per second
384 * 60 = 23040 packets per minute
esr(config-ips-category-rule)# threshold count 23040
esr(config-ips-category-rule)# threshold second 60
esr(config-ips-category-rule)# threshold track by-dst
esr(config-ips-category-rule)# threshold type both
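An added example, not part of the manual: a Python model of how the threshold settings above behave on traffic, useful for checking a count/interval pair before deploying it. It assumes fixed per-destination intervals for "threshold type both"; the function names, addresses and traffic are constructed for illustration and are not the device's implementation.

```python
from collections import defaultdict

def threshold_count(rate_bps, packet_bytes, interval_s):
    """Packets of packet_bytes needed to sustain rate_bps for interval_s seconds."""
    return rate_bps * interval_s // (packet_bytes * 8)

def simulate(packets, count, seconds, min_payload=1024):
    """Model of 'threshold type both' with 'track by-dst'.

    Assumed semantics: each destination has its own fixed interval; the
    alert fires once when the count is reached and stays silent until
    the interval ends.
    packets: iterable of (timestamp_s, dst_ip, payload_bytes), time-ordered.
    Returns the list of (timestamp_s, dst_ip) at which an alert is produced.
    """
    window_start = {}            # dst -> start of its current interval
    hits = defaultdict(int)      # dst -> matching packets in that interval
    alerts = []
    for ts, dst, size in packets:
        if size <= min_payload:  # payload data-size 1024, greater-than
            continue
        if dst not in window_start or ts - window_start[dst] >= seconds:
            window_start[dst] = ts   # new interval for this destination
            hits[dst] = 0
        hits[dst] += 1
        if hits[dst] == count:       # fires once per interval
            alerts.append((ts, dst))
    return alerts

def constructed_flow(dst, pps, duration_s, size):
    """Constructed sample traffic: evenly spaced packets to one destination."""
    return [(i / pps, dst, size) for i in range(int(pps * duration_s))]

COUNT = threshold_count(3 * 1024 * 1024, 1024, 60)  # 23040, as in the manual

def demo():
    flood = constructed_flow("192.0.2.10", 500, 180, 1400)   # above 384 pps
    normal = constructed_flow("192.0.2.20", 200, 180, 1400)  # below 384 pps
    small = constructed_flow("192.0.2.30", 900, 180, 512)    # fails size filter
    return simulate(sorted(flood + normal + small), COUNT, 60)

if __name__ == "__main__":
    for ts, dst in demo():
        print(f"alert at t={ts:.2f}s for dst {dst}")
```

Over three minutes the flooded destination produces one alert per minute, while the slower flow and the small-packet flow produce none.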
13.6.7  Extended user rules configuration algorithm
| Step | Description | Command | Keys |
|---|---|---|---|
| 1 | Specify a name and enter the configuration mode of the set of user rules. | esr(config)# security ips-category user-defined <WORD> | <WORD> – user rule set name, a string of up to 32 characters. |
| 2 | Define a description of the set of user rules (optional). | esr(config-ips-category)# description <DESCRIPTION> | <DESCRIPTION> – description, a string of up to 255 characters. |
| 3 | Create an extended rule and switch to its configuration mode. | esr(config-ips-category)# rule-advanced <SID> | <SID> – rule number, takes values of [1..4294967295]. |
| 4 | Specify the rule description (optional). | esr(config-ips-category-rule-advanced)# description <DESCRIPTION> | <DESCRIPTION> – description, a string of up to 255 characters. |