Chapter 9 Identifying And Preventing Distributed-Denial-Of-Service Attacks
Configuring Attack Detectors
SCE 1000 2xGBE Release 2.0.10 User Guide
OL-7117-02 9-9
Use these commands to define thresholds, actions, and subscriber notification setting for a
specific attack detector for a particular situation (protocol/attack direction/side).
To enable a specific attack detector and assign and it an ACL:
Step 1 From the SCE 1000(config if)# prompt, type attack-detector <number>
access-list <number> comment <comment> and press Enter.
To disable a specific attack detector:
Step 1 From the SCE 1000(config if)# prompt, type no attack-detector <number>
and press Enter.
To disable all non-default attack detectors:
Step 1 From the SCE 1000(config if)# prompt, type no attack-detector all-
numbered and press Enter.
To define action and optionally thresholds for a specific attack detector:
Step 1 From the SCE 1000(config if)# prompt, type attack-detector <number>
protocol (TCP|UDP|ICMP|other) attack-direction (attack-
source|attack-destination|both) side
(subscriber|network|both) action (report|block) [open-flows
<number> ddos-suspected-flows <number>] and press Enter.
Comments to this Manuals