Cisco SCE 1000 2xGBE User's Guide Page 233

SCE 1000 2xGBE Release 2.0.10 User Guide
OL-7117-02 9-1
This chapter describes the ability of the SCE 1000 to identify and prevent DoS and DDoS attacks,
and the various procedures for configuring and monitoring the Attack Filter Module.
This chapter contains the following sections:
  • Attack Filtering
  • Attack Detection
  • Attack Detection Thresholds
  • Attack Handling
  • Configuring Attack Detectors
  • Configuring Subscriber Notifications
  • Managing Attack Filtering
  • Monitoring Attack Filtering
Attack Filtering
The SCE 1000 includes enhanced capabilities for identifying DoS and DDoS attacks and
protecting against them. Previous versions of the SEos provided a means to monitor the entire link
and identify a global increase in flow-open rate, indicative of a DoS attack.
The new SEos that runs on the SCE 1000 extends this concept by improving the detection
mechanism, adding individual IP address granularity, and providing a set of actions to report the
attack (to the operator), block it, and notify the subscriber of it.
The system tracks the following two metrics to identify an abnormal increase in
flows/connections:
  • open-flows: Total number of flows (TCP, UDP, ICMP, other) that are concurrently open.
  • ddos-suspected-flows: Total number of flows that are possible suspects of being part of a
    denial-of-service attack because they are unestablished (in TCP, the 3-way handshake is
    incomplete; in UDP/ICMP/other, fewer than 3 packets have been transmitted on the flow).
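The two metrics defined above can be computed from packet records as in the following added example, which is not code from the SCE 1000 or from Cisco. The packet tuple format, the function name `flow_metrics`, counting each flow against the IP address it was opened toward, and treating every flow in the sample as still open are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (proto, src_ip, src_port, dst_ip, dst_port, tcp_flags)
SAMPLE_PACKETS = [
    ("tcp", "192.0.2.10", 40000, "10.0.0.5", 80, "S"),    # full handshake
    ("tcp", "10.0.0.5", 80, "192.0.2.10", 40000, "SA"),
    ("tcp", "192.0.2.10", 40000, "10.0.0.5", 80, "A"),
    ("tcp", "198.51.100.1", 1111, "10.0.0.5", 80, "S"),   # SYN only
    ("tcp", "198.51.100.2", 2222, "10.0.0.5", 80, "S"),   # SYN only
    ("tcp", "198.51.100.3", 3333, "10.0.0.5", 80, "S"),   # SYN only
    ("udp", "192.0.2.20", 5000, "10.0.0.5", 53, ""),      # 3-packet UDP flow
    ("udp", "10.0.0.5", 53, "192.0.2.20", 5000, ""),
    ("udp", "192.0.2.20", 5000, "10.0.0.5", 53, ""),
    ("udp", "203.0.113.7", 6000, "10.0.0.9", 53, ""),     # 1-packet UDP flow
    ("icmp", "203.0.113.8", 0, "10.0.0.9", 0, ""),        # 2-packet ICMP flow
    ("icmp", "203.0.113.8", 0, "10.0.0.9", 0, ""),
]

def flow_metrics(packets):
    """Return {target_ip: {"open-flows": n, "ddos-suspected-flows": m}}."""
    flows = {}
    for proto, src, sport, dst, dport, flags in packets:
        # Both directions of a conversation map to the same flow key.
        key = (proto, *sorted([(src, sport), (dst, dport)]))
        st = flows.setdefault(key, {"proto": proto, "initiator": src,
                                    "target": dst, "pkts": 0, "hs": 0})
        st["pkts"] += 1
        if proto == "tcp":
            from_init = src == st["initiator"]
            # hs counts handshake steps seen in order: SYN, SYN-ACK, ACK.
            if st["hs"] == 0 and from_init and flags == "S":
                st["hs"] = 1
            elif st["hs"] == 1 and not from_init and flags == "SA":
                st["hs"] = 2
            elif st["hs"] == 2 and from_init and flags == "A":
                st["hs"] = 3
    metrics = defaultdict(lambda: {"open-flows": 0, "ddos-suspected-flows": 0})
    for st in flows.values():
        if st["proto"] == "tcp":
            established = st["hs"] == 3
        else:
            established = st["pkts"] >= 3   # fewer than 3 packets = suspected
        metrics[st["target"]]["open-flows"] += 1
        if not established:
            metrics[st["target"]]["ddos-suspected-flows"] += 1
    return dict(metrics)

if __name__ == "__main__":
    for ip, m in flow_metrics(SAMPLE_PACKETS).items():
        print(ip, m)
```
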
CHAPTER 9
Identifying And Preventing Distributed-Denial-Of-Service Attacks