426
# Enable traffic statistics based on destination IP address.
[Router-GigabitEthernet1/1] flow-statistic enable destination-ip
Verifying the configuration
If you suspect that the server is under an attack, you can view the traffic statistics information on the
interface to check whether there is an attack.
[Router-GigabitEthernet1/1] display flow-statistics statistics destination-ip 10.1.1.2
Flow Statistics Information
------------------------------------------------------------
IP Address : 10.1.1.2
------------------------------------------------------------
Total number of existing sessions : 13676
Session establishment rate : 2735/s
TCP sessions : 0
Half-open TCP sessions : 0
Half-close TCP sessions : 0
TCP session establishment rate : 0/s
UDP sessions : 13676
UDP session establishment rate : 2735/s
ICMP sessions : 0
ICMP session establishment rate : 0/s
RAWIP sessions : 0
RAWIP session establishment rate : 0/s
[Router-GigabitEthernet0/1] display flow-statistics statistics interface gigabitethernet
1/1 outbound
Flow Statistics Information
------------------------------------------------------------
Interface : GigabitEthernet1/1
------------------------------------------------------------
Total number of existing sessions : 13676
Session establishment rate : 2735/s
TCP sessions : 0
Half-open TCP sessions : 0
Half-close TCP sessions : 0
TCP session establishment rate : 0/s
UDP sessions : 13676
UDP session establishment rate : 2735/s
ICMP sessions : 0
ICMP session establishment rate : 0/s
RAWIP sessions : 0
RAWIP session establishment rate : 0/s
The output shows that on GigabitEthernet 1/1, a large number of UDP packets destined for 10.1.1.2
exist, and the session establishment rate has exceeded the specified threshold. You can determine
that the server is under a UDP flood attack. Use the display attack-defense statistics command to
view the related statistics collected after the UDP flood protection function takes effect.
To Next Page
Loading...
