Cisco SCE 1000 2xGBE User's Guide Page 243

Chapter 9 Identifying And Preventing Distributed-Denial-Of-Service Attacks
SCE 1000 2xGBE Release 2.0.10 User Guide
OL-7117-02 9-11
SCE 1000(config if)# exit
(Define the ACL)
SCE 1000(config)# access-list 3 permit 10.1.1.10
SCE 1000(config)# access-list 3 permit 10.1.1.13
Configuring Subscriber Notifications
Subscriber notification is a capability used for notifying a subscriber in real time about current
attacks involving IP addresses mapped to that subscriber. Subscriber notification is configured on
a per-attack-detector level, as explained above, and must also be enabled and configured by the
application loaded to the SCE 1000, as explained in the appropriate Service Control Application
user guide.
In the current solutions, the SCE Platform notifies the subscriber about the attack by redirecting
HTTP flows originating from the subscriber to the service provider's server, which should notify the
subscriber that he is under attack. This raises a question regarding TCP attacks originating from
the subscriber that are configured with the block action. The subscriber cannot normally be notified
of such attacks using HTTP redirection, since all HTTP flows originating from the subscriber are
TCP flows, and they are therefore blocked along with all other attack flows. To enable
effective use of HTTP redirect, there is a CLI command that prevents blocking of TCP flows
originating from the subscriber to specified TCP ports, even when the above scenario occurs.
Subscriber Notification Ports
Up to three ports can be specified as subscriber notification ports. The attack filter will never
block TCP traffic from the subscriber side of the SCE 1000 to these ports, leaving them always
available for subscriber notification.
To add ports to the list of subscriber notification ports:
Step 1 From the SCE 1000(config if)# prompt, type
attack-filter subscriber-notification ports <port1> [<port2> [<port3>]] and press Enter.
To remove all ports from the list of subscriber notification ports:
Step 1 From the SCE 1000(config if)# prompt, type
no attack-filter subscriber-notification ports and press Enter.
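
The following is an added example, not part of the Cisco guide and not SCE code: a simplified Python model of the blocking decision described above, showing why HTTP redirect fails under a block action until a notification port is exempted. The class and function names, the "block"/"pass" labels, the 1 to 65535 port check and the 192.0.2.10 subscriber address are assumptions made for illustration.

```python
from dataclasses import dataclass

MAX_NOTIFICATION_PORTS = 3  # the guide allows up to three ports


@dataclass(frozen=True)
class Flow:
    src_ip: str
    protocol: str          # "TCP" or "UDP"
    dst_port: int
    from_subscriber: bool  # arrived on the subscriber side


@dataclass
class AttackFilterModel:
    """Simplified model: one detected subscriber-side TCP attack, action block."""
    attacking_ip: str
    notification_ports: tuple = ()

    def set_notification_ports(self, *ports):
        # Models: attack-filter subscriber-notification ports <port1> [<port2> [<port3>]]
        if not 1 <= len(ports) <= MAX_NOTIFICATION_PORTS:
            raise ValueError("specify one to three ports")
        if any(not 1 <= p <= 65535 for p in ports):
            raise ValueError("not a valid TCP port")
        self.notification_ports = tuple(ports)

    def clear_notification_ports(self):
        # Models: no attack-filter subscriber-notification ports
        self.notification_ports = ()

    def decide(self, flow):
        in_attack = (flow.from_subscriber and flow.protocol == "TCP"
                     and flow.src_ip == self.attacking_ip)
        if in_attack and flow.dst_port not in self.notification_ports:
            return "block"
        return "pass"  # exempt flows stay available for HTTP redirect


def demo():
    """Constructed flows from a subscriber at a documentation address."""
    sub = "192.0.2.10"
    flows = [Flow(sub, "TCP", 80, True), Flow(sub, "TCP", 25, True),
             Flow(sub, "UDP", 53, True)]
    model = AttackFilterModel(attacking_ip=sub)
    before = [model.decide(f) for f in flows]
    model.set_notification_ports(80)
    after = [model.decide(f) for f in flows]
    return before, after
```

In the model, only the flow to the exempted port changes from blocked to passed; the other attack flows from the same subscriber remain blocked.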