Configuration Guide NFPP Configuration
Host-based rate-limit and attack detection
Host-based attacks are detected per source IP address, VID and port. For each
attack detection, you can configure the rate-limit threshold and the attack
threshold (also called the warning threshold). ICMP packets are dropped when
the packet rate exceeds the rate-limit threshold. When the ICMP packet rate
exceeds the warning threshold, the device displays a warning message and sends
a TRAP message.
When an ICMP DoS attack is detected, the device displays the following message:
%NFPP_ICMP_GUARD-4- DOS_DETECTED:Host<IP=1.1.1.1,MAC= N/A,port=Gi4/1,VLAN=1> was detected. (2009-07-01 13:00:00)
The TRAP message that is sent carries the following description:
ICMP DoS attack from host<IP=1.1.1.1,MAC= N/A,,port=Gi4/1,VLAN=1> was detected.
If the administrator has set the isolation time to a value other than 0 and
hardware isolation succeeds, the device displays:
%NFPP_ICMP_GUARD-4-ISOLATED:Host <IP=1.1.1.1, MAC= N/A,port=Gi4/1,VLAN=1> was isolated. (2009-07-01 13:00:00)
The TRAP message that is sent carries the following description:
Host<IP=1.1.1.1, MAC= N/A,port=Gi4/1,VLAN=1> was isolated.
When hardware isolation fails due to a lack of memory or hardware resources,
the device displays:
%NFPP_ICMP_GUARD-4-ISOLATE_FAILED: Failed to isolate host <IP==1.1.1.1, MAC= N/A,port=Gi4/1,VLAN=1>. (2009-07-01 13:00:00)
The TRAP message that is sent carries the following description:
Failed to isolate host<IP=1.1.1.1, MAC= N/A,port=Gi4/1,VLAN=1>.
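The three log messages above can be parsed on a syslog collector to find hosts that were detected but are not isolated (isolation time set to 0, or isolation failed). This is an added example, not code from the guide or the vendor; the function names and the sample lines (with example addresses) are constructed for illustration.

```python
import re

# Matches the three NFPP ICMP guard messages quoted above. Spacing is
# tolerated because the guide prints it inconsistently.
EVENT_RE = re.compile(
    r"%NFPP_ICMP_GUARD-(?P<sev>\d)-\s*"
    r"(?P<event>DOS_DETECTED|ISOLATED|ISOLATE_FAILED)\s*:"
    r".*?<(?P<fields>[^>]*)>.*?"
    r"\((?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\)"
)

def parse_nfpp_icmp(line):
    """Return a dict for one NFPP ICMP guard message, or None."""
    m = EVENT_RE.search(line)
    if m is None:
        return None
    rec = {"event": m["event"], "severity": int(m["sev"]), "time": m["ts"]}
    for item in m["fields"].split(","):
        key, sep, value = item.partition("=")
        if sep:  # skips empty items such as the one left by ",,"
            rec[key.strip().lower()] = value.strip(" =")
    return rec

def unisolated_hosts(lines):
    """Map (ip, vlan, port) -> last event for hosts not currently isolated."""
    last = {}
    for line in lines:
        rec = parse_nfpp_icmp(line)
        if rec is not None:
            host = (rec.get("ip"), rec.get("vlan"), rec.get("port"))
            last[host] = rec["event"]
    return {h: e for h, e in last.items() if e != "ISOLATED"}

# Constructed sample lines in the format shown above (addresses are examples).
SAMPLE = [
    "%NFPP_ICMP_GUARD-4-DOS_DETECTED:Host<IP=192.0.2.10,MAC= N/A,port=Gi4/1,VLAN=1> was detected. (2009-07-01 13:00:00)",
    "%NFPP_ICMP_GUARD-4-ISOLATED:Host <IP=192.0.2.10, MAC= N/A,port=Gi4/1,VLAN=1> was isolated. (2009-07-01 13:00:01)",
    "%NFPP_ICMP_GUARD-4- DOS_DETECTED:Host<IP=192.0.2.20,MAC= N/A,port=Gi4/2,VLAN=1> was detected. (2009-07-01 13:00:05)",
    "%NFPP_ICMP_GUARD-4-ISOLATE_FAILED: Failed to isolate host <IP==192.0.2.20, MAC= N/A,port=Gi4/2,VLAN=1>. (2009-07-01 13:00:06)",
    "%NFPP_ICMP_GUARD-4-DOS_DETECTED:Host<IP=192.0.2.30,MAC= N/A,port=Gi4/3,VLAN=2> was detected. (2009-07-01 13:00:09)",
]

if __name__ == "__main__":
    for host, event in unisolated_hosts(SAMPLE).items():
        print(host, event)
```

Hosts whose last event is ISOLATE_FAILED are the ones to check first, since the guide attributes that message to a lack of memory or hardware resources on the device.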