Host-based rate-limit and attack detection
Use the source IP address/VID/port-based method to detect the host-based
attack. For each attack detection, you can configure the rate-limit threshold and
attack threshold (also called warning threshold). The IP packet will be dropped
when the packet rate exceeds the rate-limit threshold. When the IP packet rate
exceeds the warning threshold, it will prompt the warning messages and send
the TRAP message.
It prompts the following message if the IP DoS attack was detected:
%NFPP_IP_GUARD-4- DOS_DETECTED:Host<IP=1.1.1.1,MAC=
N/A,port=Gi4/1,VLAN=1> was detected. (2009-07-01 13:00:00)
The following example shows the describing information included in the sent
TRAP messages:
IP DoS attack from host<IP=1.1.1.1,MAC= N/A,,port=Gi4/1,VLAN=1> was dete
cted.
If the isolated time is not set as 0 by the administrator, when the hardware
isolation succeeds, it prompts:
%NFPP_IP_GUARD-4-ISOLATED:Host <IP=1.1.1.1, MAC= N/A,port=Gi4/1,VLAN=1>
was isolated. (2009-07-01 13:00:00)
The following example shows the describing information included in the sent
TRAP messages:
Host<IP=1.1.1.1, MAC= N/A,port=Gi4/1,VLAN=1> was isolated.
When it fails to isolate the hardware due to a lack of memory or hardware
resources, it prompts:
%NFPP_IP_GUARD-4-ISOLATE_FAILED: Failed to isolate host <IP=1.1.1.1, MAC=
N/A,port=Gi4/1,VLAN=1>. (2009-07-01 13:00:00)
The following example shows the describing information included in the sent
TRAP messages:
Failed to isolate host<IP=1.1.1.1, MAC= N/A,port=Gi4/1,VLAN=1>.
To Next Page
Loading...
