Attack Filtering And Attack Detection; Attack Filtering - Cisco SCE8000 Configuration Manual

Service control engine

Identifying and Preventing Distributed-Denial-Of-Service Attacks
This module describes the ability of the SCE platform to identify and prevent DDoS attacks, and the
various procedures for configuring and monitoring the Attack Filter Module.

Attack Filtering and Attack Detection

Attack Filtering

The SCE platform includes extensive capabilities for identifying DDoS attacks and protecting against
them.

Attack filtering is performed using specific-IP attack detectors. A specific-IP attack detector tracks the
rate of flows (total open and total suspected) in the SCE platform for each combination of IP address (or
pair of IP addresses), protocol (TCP/UDP/ICMP/Other), destination port (for TCP/UDP), interface and
direction. When the rates satisfy user-configured criteria, the traffic is considered an attack, and a
configured action can take place (report/block, notify subscriber, send SNMP trap).

This mechanism is enabled by default, and can be disabled and enabled for each attack type
independently.
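
The per-combination rate tracking described above can be modelled in a few lines. This is an added illustration, not Cisco code or the SCE implementation: the thresholds, the "either rate exceeds its limit" criterion, the one-second window, and the interface and direction labels are all assumptions made for the example.

```python
from collections import defaultdict, namedtuple

# Key mirrors the combination the text lists; dst_port is None for ICMP/Other.
Key = namedtuple("Key", "ip protocol dst_port interface direction")
Flow = namedtuple("Flow", "ts key suspected")

# Assumed thresholds in flows per second; on the platform these are user-configured.
OPEN_RATE_MAX = 5.0
SUSPECTED_RATE_MAX = 2.0


def detect(flows, window=1.0):
    """Return {key: (open_rate, suspected_rate)} for keys that crossed a threshold.

    Rates are counted per fixed window; a reported key carries the highest
    rates seen in any window in which it exceeded a threshold.
    """
    counts = defaultdict(lambda: [0, 0])  # (window index, key) -> [open, suspected]
    for f in flows:
        bucket = counts[(int(f.ts // window), f.key)]
        bucket[0] += 1
        bucket[1] += 1 if f.suspected else 0

    attacks = {}
    for (_, key), (n_open, n_susp) in counts.items():
        open_rate, susp_rate = n_open / window, n_susp / window
        # Assumed criterion: either rate above its limit marks the key as attacked.
        if open_rate > OPEN_RATE_MAX or susp_rate > SUSPECTED_RATE_MAX:
            prev = attacks.get(key, (0.0, 0.0))
            attacks[key] = (max(prev[0], open_rate), max(prev[1], susp_rate))
    return attacks


def sample_flows():
    """Constructed flow-open events using documentation addresses, not real traffic."""
    victim = Key("192.0.2.10", "TCP", 80, "if-1", "destination")
    normal = Key("192.0.2.20", "TCP", 443, "if-1", "destination")
    ping = Key("192.0.2.10", "ICMP", None, "if-1", "destination")
    flows = [Flow(0.1 * i, victim, suspected=(i % 2 == 0)) for i in range(8)]
    flows += [Flow(0.3 * i, normal, suspected=False) for i in range(3)]
    flows += [Flow(0.5 * i, ping, suspected=False) for i in range(2)]
    return flows, victim, normal, ping


if __name__ == "__main__":
    for key, (o, s) in detect(sample_flows()[0]).items():
        print(f"attack: {key} open={o}/s suspected={s}/s")
```

The ICMP flows to 192.0.2.10 are counted under their own key, so the TCP/80 burst to the same address does not flag them.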
OL-16479-01
Attack Filtering and Attack Detection
Configuring Attack Detectors
Subscriber Notifications
Preventing and Forcing Attack Detection
Monitoring Attack Filtering
Attack Filtering
Specific Attack Filtering
Attack Detection
Attack Detection Thresholds
Attack Handling
Hardware Filtering
Cisco SCE8000 Software Configuration Guide, Rel 3.1.6S
Chapter 10
