Cisco SCE 1000 2xGBE User's Guide Page 240

Chapter 9 Identifying And Preventing Distributed-Denial-Of-Service Attacks
Configuring Attack Detectors
SCE 1000 2xGBE Release 2.0.10 User Guide
9-8 OL-7117-02
To define the action and, optionally, the default thresholds:
Step 1 From the SCE 1000(config if)# prompt, type attack-detector default protocol (TCP|UDP|ICMP|other) attack-direction (attack-source|attack-destination|both) side (subscriber|network|both) action (report|block) [open-flows <number> ddos-suspected-flows <number>] and press Enter.
Use the following command to set the default values for the subscriber notification mechanism.
Step 2 From the SCE 1000(config if)# prompt, type attack-detector default protocol (TCP|UDP|ICMP|other) attack-direction (attack-source|attack-destination|both) side (subscriber|network|both) (notify-subscriber|dont-notify-subscriber) and press Enter.
Use the following command to delete user-defined default values for action, thresholds and subscriber notification for a given combination of protocol, direction and side, and reinstate the system defaults.
To delete user-defined defaults for a specific situation:
Step 1 From the SCE 1000(config if)# prompt, type no attack-detector default protocol (TCP|UDP|ICMP|other) attack-direction (attack-source|attack-destination|both) side (subscriber|network|both) and press Enter.
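The three commands above instantiated for one combination (TCP, attack-source, subscriber side), as an added example that is not part of the original guide. The threshold values 500 and 75 are constructed sample values, and the lines beginning with # are annotations rather than typed input.

```text
# Constructed example: thresholds 500 and 75 are sample values only.
# Block TCP attacks sourced from the subscriber side, overriding the default thresholds.
SCE 1000(config if)# attack-detector default protocol TCP attack-direction attack-source side subscriber action block open-flows 500 ddos-suspected-flows 75
# Enable subscriber notification for the same combination.
SCE 1000(config if)# attack-detector default protocol TCP attack-direction attack-source side subscriber notify-subscriber
# Remove the user-defined defaults for that combination and reinstate the system defaults.
SCE 1000(config if)# no attack-detector default protocol TCP attack-direction attack-source side subscriber
```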
Specific Attack Detectors
A specific attack detector may be configured for each possible combination of protocol, direction, and side. The SCE 1000 supports a maximum of 100 attack detectors. Each attack detector is identified by a number (1-99). Each detector can be either disabled (default) or enabled. An enabled attack detector must be configured with the following parameters:
  • Access-Control List (ACL) number: Identifies the IP addresses selected by this detector. (See Access Control Lists ("Configuring Access Control Lists (ACLs)" on page 6-2).)
  • Comment: For documentation purposes
In addition, an enabled attack detector may contain the following settings:
  • Threshold values for number of concurrently open flows and for number of DDoS-suspected flows
  • Action to take when an attack is detected (Report or Block)
  • Subscriber notification setting (Enabled or Disabled)