Chapter 9 Identifying And Preventing Distributed-Denial-Of-Service Attacks
Configuring Attack Detectors
SCE 1000 2xGBE Release 2.0.10 User Guide
OL-7117-02 9-7
• [no] attack-filter subscriber-notification ports
• no attack-detector <number>
Note
All of the above CLI commands are line interface configuration commands. To use them, you must enter line interface configuration mode and see the SCE 1000(config if)# prompt displayed.
Enabling Specific-IP Detection
By default, specific-IP detection is disabled; however, the user may enable it.
To disable Specific-IP Detection:
Step 1 From the SCE 1000(config if)# prompt, type no attack-filter and press Enter.
To enable Specific-IP Detection:
Step 1 From the SCE 1000(config if)# prompt, type attack-filter and press Enter.
Default Attack Detector
Use these commands to define default thresholds and attack handling action. If a specific attack
detector is defined for a particular situation (protocol/attack direction/side), it will override these
defaults. The default values configured for the default attack detector are:
• Default action: Report
• Default TCP thresholds:
    • Concurrently open flows: 10000
    • DDoS-suspected flows: 2000
• Default UDP thresholds:
    • Concurrently open flows: 10000
    • DDoS-suspected flows: 5000
• Default ICMP/Other flows:
    • Concurrently open flows: 1000
    • DDoS-suspected flows: 500
• Subscriber notification: Disabled
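The override rule and default values above can be modelled offline to check which thresholds apply to a given situation before changing a detector. The following Python sketch is an added example, not SCE software or Cisco code. The direction and side labels, the "block" action, the sample detector and counter values, and the strictly-greater comparison are all assumptions made for illustration.

```python
# Added illustration of the override rule described above; not SCE code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Thresholds:
    open_flows: int       # concurrently open flows
    ddos_suspected: int   # DDoS-suspected flows

# Values of the default attack detector, as listed on this page.
DEFAULT_ACTION = "report"
DEFAULTS = {
    "tcp": Thresholds(10000, 2000),
    "udp": Thresholds(10000, 5000),
    "icmp": Thresholds(1000, 500),
    "other": Thresholds(1000, 500),
}

def effective(specific, protocol, direction, side):
    """Return (thresholds, action, origin) for one protocol/direction/side.

    `specific` maps (protocol, direction, side) -> (Thresholds, action) and
    stands in for numbered attack detectors; a match overrides the defaults.
    """
    key = (protocol.lower(), direction, side)
    if key in specific:
        thresholds, action = specific[key]
        return thresholds, action, "specific"
    return DEFAULTS[key[0]], DEFAULT_ACTION, "default"

def exceeded(thresholds, open_flows, ddos_suspected):
    """Name the thresholds a counter sample is above (strict >, an assumption)."""
    hits = []
    if open_flows > thresholds.open_flows:
        hits.append("open-flows")
    if ddos_suspected > thresholds.ddos_suspected:
        hits.append("ddos-suspected-flows")
    return hits

# Constructed sample: one specific detector with tighter UDP thresholds.
SPECIFIC = {("udp", "attack-destination", "subscriber"): (Thresholds(4000, 1000), "block")}
SAMPLES = [  # (protocol, direction, side, open flows, DDoS-suspected flows)
    ("udp", "attack-destination", "subscriber", 4500, 900),
    ("udp", "attack-source", "network", 4500, 900),
    ("tcp", "attack-source", "subscriber", 9000, 2500),
]

def demo():
    rows = []
    for proto, direction, side, flows, suspected in SAMPLES:
        th, action, origin = effective(SPECIFIC, proto, direction, side)
        rows.append((proto, origin, action, exceeded(th, flows, suspected)))
    return rows

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The same UDP counters exceed a threshold only where the specific detector applies; every other situation falls back to the default detector's values and its Report action.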