ELTEX ESR Series - Basic User Rules Configuration Example

ELTEX ESR Series
575 pages
ESR-Series. User manual
422
Step 34. Specify threshold handling method.
    Command: esr(config-ips-category-rule)# threshold type {threshold | limit | both}
    Keys:
        threshold – display a message every time a threshold is reached.
        limit – issue a message no more than <COUNT> times per time interval <SECOND>.
        both – threshold and limit combination. A message will be generated if during the <SECOND> time interval there were <COUNT> or more packets matching the rule conditions, and the message will be sent only once during the <SECOND> time interval.

Step 35. Activate a rule.
    Command: esr(config-ips-category-rule)# enable
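
The three threshold types differ mainly in how many log messages a burst of matching packets produces. The Python model below is an added illustration, not part of the ELTEX manual or the device's implementation; the function name `alerts`, the fixed-window counting and the reading of `threshold` as "every <COUNT>-th packet" are assumptions.

```python
# Added illustration: models the three "threshold type" modes described above.
# Assumption: windows are fixed-length and start at the first matching packet
# seen after the previous window expired; the device may count differently.

def alerts(mode, count, seconds, packet_times):
    """Return the timestamps at which a log message would be generated."""
    if mode not in ("threshold", "limit", "both"):
        raise ValueError(f"unknown mode: {mode}")
    out = []
    window_start = None   # start time of the current <SECOND> window
    seen = 0              # matching packets in the current window
    sent = 0              # messages already emitted in the current window
    for t in sorted(packet_times):
        if window_start is None or t - window_start >= seconds:
            window_start, seen, sent = t, 0, 0   # open a new window
        seen += 1
        if mode == "threshold":
            # assumed reading: a message each time <COUNT> more packets arrive
            fire = seen % count == 0
        elif mode == "limit":
            # every match may log, but at most <COUNT> messages per window
            fire = sent < count
        else:  # both
            # <COUNT> or more packets in the window, logged only once
            fire = seen >= count and sent == 0
        if fire:
            out.append(t)
            sent += 1
    return out

# Constructed sample: a burst of 12 matching packets, one every 0.5 s,
# followed by a single stray packet at t = 30 s.
SAMPLE = [i * 0.5 for i in range(12)] + [30.0]

if __name__ == "__main__":
    for mode in ("threshold", "limit", "both"):
        print(mode, alerts(mode, count=5, seconds=10, packet_times=SAMPLE))
```

With <COUNT> = 5 and <SECOND> = 10, the stray packet at 30 s is logged only under `limit`, which is why `both` is the quietest choice for flood-style rules.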
13.6.6 Basic user rules configuration example
Objective:
Write a rule to protect a server with IP 192.168.1.10 from a DoS attack by large ICMP packets.
Solution:
Create a set of user rules:
esr(config)# security ips-category user-defined USER
Create a rule to protect against the attack:
esr(config-ips-category)# rule 10
esr(config-ips-category-rule)# description "Big ICMP DoS"
Drop matching packets:
esr(config-ips-category-rule)# action drop
Configure the attack message:
esr(config-ips-category-rule)# meta log-message "Big ICMP DoS"
esr(config-ips-category-rule)# meta classification-type successful-dos
