Zone Detection - Cisco OL-6109-01 User Manual

Traffic anomaly detector chapter 4

Chapter 4
Zone Configuration

Zone Detection

OL-6109-01
2. Choose ENTER. The following (partial sample) screen appears:

admin@DETECTOR-conf-zone-scannet# show policies statistics
Key              Rate         Policy
192.168.100.34   73.17        http/80/analysis/syns/dst_ip
N/A              0.17         http/80/analysis/syns/global
Key              Ratio        Policy
192.168.100.34   1.44         tcp_ratio/any/analysis/syn_by_fin/dst_ip_ratio
80               1.44         tcp_ratio/any/analysis/syn_by_fin/dst_port_ratio
Key              Connections  Policy
N/A              429.00       tcp_connections/any/analysis/in_nodata_conns/global

The sample screen shows that the Detector policies are receiving traffic and functioning properly.

Zone Detection

After learning the zone traffic characteristics, the Detector is ready for zone detection. The user may wish to command the Detector to detect right after completing the zone configurations. The Detector would then begin applying its detection policies.

To detect the zone, perform the following:

1. From the Global command group level, type the following:
admin@DETECTOR# detect <zone-name>

Or alternatively, from the Zone command group level, type the following:
admin@DETECTOR-conf-zone-<zone-name># detect

Where zone-name specifies a zone name.
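Before issuing detect, the "policies are receiving traffic" check on the show policies statistics screen can be scripted against a saved capture. The following is an added example, not part of the Cisco manual: the whitespace-separated Key / metric / Policy column layout is assumed from the sample screen, and idle_policies with its "zero or absent means idle" rule is a hypothetical helper.

```python
import re

# Constructed capture: layout (whitespace-separated Key / metric / Policy
# columns) is assumed from the sample screen on this page.
SAMPLE = """\
admin@DETECTOR-conf-zone-scannet# show policies statistics
Key              Rate         Policy
192.168.100.34   73.17        http/80/analysis/syns/dst_ip
N/A              0.17         http/80/analysis/syns/global
Key              Ratio        Policy
192.168.100.34   1.44         tcp_ratio/any/analysis/syn_by_fin/dst_ip_ratio
80               1.44         tcp_ratio/any/analysis/syn_by_fin/dst_port_ratio
Key              Connections  Policy
N/A              429.00       tcp_connections/any/analysis/in_nodata_conns/global
"""

HEADER = re.compile(r"^Key\s+(\S+)\s+Policy$")          # starts a new table
ROW = re.compile(r"^(\S+)\s+(\d+(?:\.\d+)?)\s+(\S+)$")  # key, value, policy path

def parse_policy_statistics(text):
    """Return one dict per statistics row, tagged with its table's metric."""
    rows, metric = [], None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            metric = header.group(1).lower()
            continue
        row = ROW.match(line)
        if row and metric:  # ignore the prompt line and anything before a header
            key, value, policy = row.groups()
            rows.append({"metric": metric, "key": None if key == "N/A" else key,
                         "value": float(value), "policy": policy})
    return rows

def idle_policies(rows, expected):
    """Policies from `expected` that show no traffic (missing or all-zero)."""
    active = {r["policy"] for r in rows if r["value"] > 0}
    return sorted(set(expected) - active)

if __name__ == "__main__":
    stats = parse_policy_statistics(SAMPLE)
    for r in stats:
        print(f'{r["metric"]:<12}{r["key"] or "-":<16}{r["value"]:>8.2f}  {r["policy"]}')
    print("idle:", idle_policies(stats, [r["policy"] for r in stats]))
```

Pass idle_policies the list of policies you expect the zone to exercise; a non-empty result means the capture does not yet show traffic for them.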
Cisco Traffic Anomaly Detector User Guide
