Monitoring Attack Filtering
How to Configure a force-filter Setting for a Specified Situation
Step 1
From the SCE(config if)# prompt, type attack-filter force-filter protocol (((TCP|UDP) [dest-port (port-number|not-specific)])|ICMP|other) attack-direction (((single-side-source|single-side-destination|single-side-both) (ip ip-address))|(dual-sided source-ip source-ip-address destination-ip dest-ip-address)) side (subscriber|network|both) [notify-subscriber] and press Enter.
How to Remove a force-filter Setting from a Specified Situation
Step 1
From the SCE(config if)# prompt, type no attack-filter force-filter protocol (((TCP|UDP) [dest-port (port-number|not-specific)])|ICMP|other) attack-direction (((single-side-source|single-side-destination|single-side-both) (ip ip-address))|(dual-sided source-ip source-ip-address destination-ip dest-ip-address)) side (subscriber|network|both) and press Enter.
How to Remove All force-filter Settings
Step 1
From the SCE(config if)# prompt, type no attack-filter force-filter all and press Enter.
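The following is an added example, not part of the Cisco guide: a small Python check that parses force-filter lines against the syntax given in the steps above, so a reviewer can list which filters are forced in a saved configuration and spot malformed entries. The function names, the 0-65535 port range, the IPv4-only address check and the sample lines are assumptions made for the example.

```python
import ipaddress
import re

# Grammar transcribed from the syntax in the steps above. Assumptions: keywords
# are matched with the casing printed there, and addresses are dotted IPv4.
_RULE = re.compile(
    r"^(?P<no>no\s+)?attack-filter\s+force-filter\s+protocol\s+"
    r"(?:(?P<l4>TCP|UDP)(?:\s+dest-port\s+(?P<port>\d+|not-specific))?"
    r"|(?P<other>ICMP|other))\s+attack-direction\s+"
    r"(?:(?P<single>single-side-(?:source|destination|both))\s+ip\s+(?P<ip>\S+)"
    r"|dual-sided\s+source-ip\s+(?P<src>\S+)\s+destination-ip\s+(?P<dst>\S+))"
    r"\s+side\s+(?P<side>subscriber|network|both)"
    r"(?P<notify>\s+notify-subscriber)?$"
)

def parse_force_filter(line):
    """Return a dict for one force-filter line, or None if it is malformed."""
    text = line.strip()
    if text == "no attack-filter force-filter all":
        return {"action": "remove-all"}
    m = _RULE.match(text)
    if m is None or (m["no"] and m["notify"]):
        return None  # the removal syntax has no notify-subscriber option
    port = m["port"]
    if port and port != "not-specific" and int(port) > 65535:
        return None  # assumption: valid port numbers are 0-65535
    try:
        addrs = [str(ipaddress.IPv4Address(a))
                 for a in (m["ip"], m["src"], m["dst"]) if a]
    except ValueError:
        return None
    return {"action": "remove" if m["no"] else "force",
            "protocol": m["l4"] or m["other"], "dest_port": port,
            "direction": m["single"] or "dual-sided", "addresses": addrs,
            "side": m["side"], "notify_subscriber": bool(m["notify"])}

def audit(config_text):
    """Split a config's force-filter lines into (parsed, rejected)."""
    parsed, rejected = [], []
    for line in config_text.splitlines():
        if "attack-filter force-filter" in line:
            entry = parse_force_filter(line)
            (parsed if entry else rejected).append(entry or line.strip())
    return parsed, rejected

# Constructed sample input (documentation address ranges), not from a real device.
PREFIX = "attack-filter force-filter protocol "
SAMPLE = "\n".join([
    PREFIX + "TCP dest-port 80 attack-direction single-side-source ip 192.0.2.10 side subscriber notify-subscriber",
    PREFIX + "ICMP attack-direction dual-sided source-ip 192.0.2.10 destination-ip 198.51.100.7 side both",
    PREFIX + "UDP dest-port 70000 attack-direction single-side-both ip 192.0.2.10 side network",
    "no attack-filter force-filter all",
])
```

Calling audit(SAMPLE) returns the three well-formed entries as dictionaries and the out-of-range UDP line in the rejected list.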
Monitoring Attack Filtering
• Monitoring Attack Filtering Using SNMP Traps
• Monitoring Attack Filtering Using CLI Commands
• Viewing the Attack Log
There are three options for monitoring attack filtering and detection:
• CLI show commands
• SNMP attack detection traps
• Attack log
Monitoring Attack Filtering Using SNMP Traps
The system sends a trap at the start of a specific attack detection event, and also when a specific detection event ends, as follows:
• STARTED_FILTERING trap – String with the attack information
• STOPPED_FILTERING
  – String with the attack information
  – String with the reason for stopping
Cisco SCE8000 Software Configuration Guide, Rel 3.1.6S
Chapter 10
Identifying and Preventing Distributed-Denial-Of-Service Attacks
OL-16479-01