Set traffic direction:
esr(config-ips-category-rule)# direction one-way
The rule will trigger on packets larger than 1024 bytes:
esr(config-ips-category-rule)# payload data-size 1024
esr(config-ips-category-rule)# payload data-size comparison-operator greater-than
The rule will trigger if the load on the server exceeds 3 Mbps, and an attack message will be generated no more than once per minute:
3 Mbps = 3145728 bps
1 KB packet = 8192 bits
3145728 / 8192 = 384 packets per second
384 * 60 = 23040 packets per minute
esr(config-ips-category-rule)# threshold count 23040
esr(config-ips-category-rule)# threshold second 60
esr(config-ips-category-rule)# threshold track by-dst
esr(config-ips-category-rule)# threshold type both
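The following Python sketch is an added example, not part of the ESR documentation or firmware. It reproduces the threshold arithmetic above and replays constructed traffic through a simplified model of the rule. The model is an assumption based on the behaviour described in the text: per destination, one alert when the count is reached and no further alerts until the 60-second window expires. The function names and the 192.0.2.x addresses are hypothetical.

```python
from collections import defaultdict

def threshold_count(rate_mbps, packet_bytes, seconds):
    """Packets per window equal to rate_mbps, using the text's 1 Mbps = 1048576 bps."""
    return rate_mbps * 1048576 // (packet_bytes * 8) * seconds

def simulate(packets, count, seconds, min_size=1024):
    """Return [(timestamp, dst)] alerts for a stream of (timestamp, dst, size).

    Assumed model of 'threshold type both' with 'track by-dst': per destination,
    a window opens at the first matching packet, one alert fires when the
    window's match count reaches `count`, and nothing more is reported until
    `seconds` have elapsed and a new window opens.
    """
    state = defaultdict(lambda: {"start": None, "hits": 0, "alerted": False})
    alerts = []
    for ts, dst, size in packets:
        if size <= min_size:          # payload data-size 1024, greater-than
            continue
        st = state[dst]
        if st["start"] is None or ts - st["start"] >= seconds:
            st.update(start=ts, hits=0, alerted=False)
        st["hits"] += 1
        if st["hits"] >= count and not st["alerted"]:
            st["alerted"] = True
            alerts.append((ts, dst))
    return alerts

def constructed_stream(dst, pps, size, duration):
    """Constructed sample traffic: `pps` evenly spaced packets per second."""
    return [(s + k / pps, dst, size) for s in range(duration) for k in range(pps)]

if __name__ == "__main__":
    limit = threshold_count(3, 1024, 60)   # same value as 'threshold count' above
    traffic = (constructed_stream("192.0.2.10", 400, 1100, 130)     # above 384 pps
               + constructed_stream("192.0.2.20", 100, 1100, 130)   # below the rate
               + constructed_stream("192.0.2.30", 500, 1024, 130))  # not > 1024 bytes
    for ts, dst in simulate(traffic, limit, 60):
        print(f"{ts:8.2f}s  alert for {dst}")
```

Only the first destination produces alerts, one per window, which is the effect of combining the count with the once-per-minute limit; the third destination never matches because its packets are not larger than 1024 bytes.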
13.6.7 Extended user rules configuration algorithm
| Step | Description | Command | Keys |
|---|---|---|---|
| 1 | Specify a name and enter the configuration mode of the set of user rules. | esr(config)# security ips-category user-defined <WORD> | <WORD> – user rule set name, a string of up to 32 characters. |
| 2 | Define a description of the set of user rules (optional). | esr(config-ips-category)# description <DESCRIPTION> | <DESCRIPTION> – description, a string of up to 255 characters. |
| 3 | Create an extended rule and switch to its configuration mode. | esr(config-ips-category)# rule-advanced <SID> | <SID> – rule number, takes values of [1..4294967295]. |
| 4 | Specify rule description (optional). | esr(config-ips-category-rule-advanced)# description <DESCRIPTION> | <DESCRIPTION> – description, a string of up to 255 characters. |