Table of Contents
Advertisement
Chapter 11
Identifying and Preventing Distributed-Denial-Of-Service Attacks
How to Configure a force-filter Setting for a Specified Situation
From the SCE(config if)# prompt, type attack-filter force-filter action (block|report) protocol
Step 1
(((TCP|UDP) [dest-port (port-number |not-specific))|ICMP|other) attack-direction
(((single-side-source|single-side-destination|single-side-both) (ip ip-address )|(dual-sided source-ip
source-ip-address destination-ip dest-ip-address )) side
(subscriber|network|both)[notify-subscriber] and press Enter.
How to Remove a force-filter Setting from a Specified Situation
From the SCE(config if)# prompt, type no attack-filter force-filter protocol (((TCP|UDP) [dest-port
Step 1
(port-number |not-specific))|ICMP|other) attack-direction
(((single-side-source|single-side-destination|single-side-both) (ip ip-address )|(dual-sided source-ip
source-ip-address destination-ip dest-ip-address )) side (subscriber|network|both) and press Enter.
How to Remove All force-filter Settings
Step 1
From the SCE(config if)# prompt, type no attack-filter force-filter all and press Enter.
Monitoring Attack Filtering
•
•
•
There are three options for monitoring attack filtering and detection:
•
•
•
Monitoring Attack Filtering Using SNMP Traps
The system sends a trap at the start of a specific attack detection event, and also when a specific detection
event ends, as follows:
•
•
OL-7827-12
Monitoring Attack Filtering Using SNMP Traps, page 11-21
Monitoring Attack Filtering Using CLI Commands, page 11-23
The Attack Log, page 11-29
CLI show commands
SNMP attack detection traps
Attack log
STARTED_FILTERING trap – String with the attack information
STOPPED_FILTERING
String with the attack information
–
–
String with the reason for stopping
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
Monitoring Attack Filtering
11-21
Advertisement
Table of Contents
