Table of Contents
Advertisement
Alteon Application Switch Operating System Application Guide
Advanced Denial of Service Protection
To match and deny large packets
This configuration is similar to the examples in
page 621
and
Matching All Patterns in a Group, page
1. Create an SLB string pattern that filters non-zero IP offsets. Enter the value in hexadecimal
notation.
>> /cfg/slb/layer7/slb/addstr
Enter type of string [l7lkup|pattern]: pattern
Enter match pattern type [ascii|binary]: binary
Enter HEX string:
Enter offset in bytes from start of IP frame (0-1500):
6
Enter depth in bytes to search from offset (0-1500): 0
Enter operation (eq|gt|lt): gt
2. Create another SLB string pattern that filters More-Fragments.
>> Server Loadbalance Resource# add
Enter type of string [l7lkup|pattern]: pattern
Enter match pattern type [ascii|binary]: binary
>> Enter HEX string: 4000
Enter offset in bytes from start of IP frame (0-1500):
6
Enter depth in bytes to search from offset (0-1500): 0
Enter operation (eq|gt|lt):
3. Apply the new configuration.
>> Server Loadbalance Resource# apply
4. Identify the IDs of the defined patterns.
>> Server Loadbalance Resource# apply
The strings in bold are used in this example. Number of entries: 11
ID
SLB String
1
ida
2
%c1%9c
3
%c0%af
4
playdog.com
6
HTTPHDR:Host:www.playdog.com
7
HTTPHDR:SoapAction=*
624
Matching and Denying a UDP Pattern Group,
0000
lt
623.
(Add the pattern)
(Select binary matching)
(non-zero IP offset)
(Search from seventh byte)
(Through end of pattern)
(For values greater than 0000)
(Add the pattern)
(Select binary matching)
(More-Fragments bit set)
(Search from seventh byte)
(Through end of pattern)
(For values less than 4000)
Document ID: RDWR-ALOS-V2900_AG1302
- Quick Links:
- Part 1-Basic Features
Hide quick links:
Advertisement
Table of Contents
