Virus Throttling
Basic Connection-Rate Filtering Configuration
Configuring the Per-Port Filtering Mode
Syntax: filter connection-rate < port-list > < notify-only | throttle | block >
no filter connection-rate < port-list >
Configures the per-port policy for responding to detection of a
relatively high number of inbound, routed IP connection
attempts from a given source. The level at which the switch
detects such traffic depends on the sensitivity setting config-
ured by the connection-rate-filter sensitivity command (page
3-12). (Note: You can use connection-rate ACLs to create excep-
tions to the configured filtering policy. See
“Configuring and
Applying Connection-Rate ACLs” on page 3-20.) The no form of
the command disables connection-rate filtering on the ports in #
< port-list >.
notify-only: If the switch detects a relatively high number of
routed IP connection attempts from a specific host, notify-only
generates an Event Log message. Sends a similar message to
any SNMP trap receivers configured on the switch.
throttle: If the switch detects a relatively high number of routed
IP connection attempts from a specific host, this option gener-
ates the notify-only messaging and also blocks all routed traffic
inbound from the offending host for a penalty period. After the
penalty period, the switch allows routed traffic from the offend-
ing host to resume, and re-examines the traffic. If the suspect
behavior continues, the switch again blocks the routed traffic
from the offending host and repeats the cycle. For the penalty
periods, refer to table
9-1, below.
block: If the switch detects a relatively high number of routed
IP connection attempts from a specific host, this option gener-
ates the notify-only messaging and also blocks all routed and
switched traffic inbound from the offending host.
Table 9-1. Throttle Mode Penalty Periods
Throttle Mode Frequency of IP
Connection Requests
from the Same Source
Mean Number of New
Destination Hosts in the
Frequency Period
Penalty Period
Low < 0.1 second 54 < 30 seconds
Medium < 1.0 second 37 30 - 60 seconds
High < 1.0 second 22 60 - 90 seconds
Aggressive < 1.0 second 15 90 - 120 seconds
3-13
To Next Page
Loading...
Need help?
General
