Displaying Security Filter Statistics; Address-Sweep And Port-Scan Logging - Brocade Communications Systems ServerIron ADX 12.4.00a Security Manual

Version 12.4.00a

5
DDoS protection

Displaying security filter statistics

You can display security filter statistics as shown.
ServerIronADX# show security filter-statistics
Filter       |Type        |Log Cnt   |Drop Cnt
dos-filter   |icmp-type   |0         |0
Cumulative Statistics
attack-type = log-count, drop-count
ip-options = 0, 0
icmp-type = 0, 0
address-sweep = 0, 0
port-scan = 0, 0
generic = 0, 0
filter-dns = 0, 0
Attack-type = Attack-count
ipv6-ext-header = 1201
icmpv6-type-All = 321
icmpv6-type-NS = 221
icmpv6-type -NA = 60
icmpv6-type-RS = 24
icmpv6-type-RA = 16
large-icmp = 0
unknown-ip-proto = 0
xmas-tree = 0
tcp-no-flags = 0
syn-fragments = 0
syn-and-fin-set = 0
deny-all-fragments = 0
fin-with-no-ack = 0
icmp-fragment = 0
land-attack = 0
ping-of-death = 0
The counters shown for the show security filter-statistics command display the DDoS attack types and the number of packets that have been counted, logged or dropped for each type.
Syntax: show security filter-statistics

Address-sweep and port-scan logging

The ServerIron ADX provides a log message for address-sweep and port-scan. When the ServerIron ADX detects either of these attacks, the SSM CPU will send a message to the MP indicating the particular IP will be held down for the specified time interval.
Log example:
Security: Address-sweep attack detected!Holdown 10.10.1.101 for 2 min
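The Python sketch below is an added example, not part of the Brocade manual. It parses the counter lines of show security filter-statistics, reports which attack types rose between two polls, and extracts the held-down address from the log message shown above. The two sample polls are constructed, and the port-scan message is assumed to differ from the address-sweep one only in the attack name.

```python
import ipaddress
import re

# "name = value[, value]" counter line; the name may hold a stray space ("icmpv6-type -NA").
COUNTER = re.compile(r"^\s*([A-Za-z][\w -]*?)\s*=\s*(\d+)(?:\s*,\s*(\d+))?\s*$")
# Only the address-sweep message is on the page; assumption: port-scan differs only in name.
HOLDDOWN = re.compile(r"Security: (?P<attack>[\w-]+) attack detected!\s*Holdown "
                      r"(?P<ip>\S+) for (?P<n>\d+) (?P<unit>\w+)")

# Constructed samples: POLL_1 takes a few rows and values from the page's output;
# POLL_2 is the same text with two counters raised by hand.
POLL_1 = """\
attack-type = log-count, drop-count
address-sweep = 0, 0
Attack-type = Attack-count
ipv6-ext-header = 1201
icmpv6-type -NA = 60
xmas-tree = 0
"""
POLL_2 = (POLL_1.replace("address-sweep = 0, 0", "address-sweep = 3, 3")
          .replace("xmas-tree = 0", "xmas-tree = 7"))
LOG = "Security: Address-sweep attack detected!Holdown 10.10.1.101 for 2 min"

def parse_filter_stats(text):
    """Return {attack_type: (count,) or (log_count, drop_count)}; headers are skipped."""
    stats = {}
    for line in text.splitlines():
        m = COUNTER.match(line)
        if m:
            name = re.sub(r"\s+", "", m.group(1))
            stats[name] = tuple(int(v) for v in m.groups()[1:] if v is not None)
    return stats

def counter_deltas(prev, cur):
    """Attack types whose counters rose between two polls, with the increase."""
    out = {}
    for name, now in cur.items():
        diff = tuple(n - b for n, b in zip(now, prev.get(name, (0,) * len(now))))
        if any(d > 0 for d in diff):
            out[name] = diff
    return out

def parse_holddown(line):
    """Return (attack, ip, duration, unit) from a hold-down log line, or None."""
    m = HOLDDOWN.search(line)
    if m is None:
        return None
    ip = ipaddress.ip_address(m["ip"])  # ValueError if the address is malformed
    return m["attack"].lower(), str(ip), int(m["n"]), m["unit"]
```

Counters that go down between polls (for example after a reload) are ignored by counter_deltas rather than reported as negative increases.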
ServerIron ADX Security Guide
53-1002440-03
