Defining Custom Dos Classifications - Avaya G250 Administration Manual

Defining custom DoS classifications

You can define custom DoS attack classifications using access control list (ACL) rules. ACL
rules control which packets are authorized to pass through an interface. A custom DoS class is
defined by configuring criteria for an ACL rule and tagging the ACL with a DoS classification
label.
Note:
For general information about configuring policy rules, refer to
Note:
policy
Defining a DoS class using ACLs
1. Use the ip access-control-list command to enter the configuration mode of an
ACL. For example:
G350-001(super)# ip access-control-list 301
2. Use the ip-rule command to enter the configuration mode of an ACL rule. For example:
G350-001(super)# ip-rule 1
3. Use the dos-classification command to configure the name of the DoS attack
classification. Possible values are: fraggle, smurf, ip-spoofing,
other-attack-100, other-attack-101, other-attack-102,
other-attack-103, other-attack-104, and other-attack-105. For example:
G350-001(super-ACL 301/ip rule 1)# dos-classification smurf
Done!
4. Define the packet criteria to which the ACL rule should apply. See
criteria on page 646.
For example, you can use destination-ip to specify that the rule applies to packets
with a specific destination address and you can use ip-protocol to specify that the rule
applies to packets with a specific protocol:
G350-001(super-ACL 301/ip rule 1)# destination-ip 255.255.255.255 0.0.0.0
Done!
G350-001(super-ACL 301/ip rule 1)# ip-protocol icmp
Done!
5. Use the composite-operation command to associate the ACL rule with the predefined
operation "deny-notify," which tells the gateway to drop any packet received that matches
the ACL rule, and send a trap upon dropping the packet. For example:
G350-001(super-ACL 301/ip rule 1)# composite-operation deny-notify
Done!
on page 637.
Special security features
Configuring
Policy lists rule
Issue 5 June 2008 85