Specific Attack Detectors; Options - Cisco SCE2020-4XGBE-SM Configuration Manual

Software configuration guide

Chapter 11
Identifying and Preventing Distributed-Denial-Of-Service Attacks

Specific Attack Detectors

Use these commands to define thresholds, actions, the subscriber notification setting, and the sending of an SNMP trap for a specific attack detector for a selected set of attack types.

Options, page 11-13
How to Enable a Specific Attack Detector and Assign it an ACL, page 11-14
How to Define the Action and Optionally the Thresholds for a Specific Attack Detector, page 11-14
How to Define the Subscriber Notification Setting for a Specific Attack Detector, page 11-15
How to Define the SNMP Trap Setting for a Specific Attack Detector, page 11-15
How to Define the List of Destination Ports for TCP or UDP Protocols for a Specific Attack Detector, page 11-15
How to Delete User-Defined Values, page 11-16
How to Disable a Specific Attack Detector, page 11-16
How to Disable All Non-default Attack Detectors, page 11-16
How to Disable All Attack Detectors, page 11-16

Options

A specific attack detector may be configured for each possible combination of protocol, attack direction, and side. The SCE platform supports a maximum of 100 attack detectors. Each attack detector is identified by a number (1-100). Each detector can be either disabled (default) or enabled. An enabled attack detector must be configured with the following parameters:

In addition, an enabled attack detector may contain the following settings:

access-list — The number of the Access-Control List (ACL) associated with the specified attack detector. The ACL identifies the IP addresses selected by this detector. (See Access Control Lists.) For dual-ip detections, the destination IP address is used for matching against the ACL.
Use the "none" keyword to indicate that all IP addresses are permitted by this attack detector. This option is useful when the command is used to define a port list and the desired configuration should apply to all IP addresses.

comment — For documentation purposes.

TCP-port-list/UDP-port-list — Destination port list for the specified protocol. TCP and UDP protocols may be configured for specified ports only; this is the list of specified destination ports per protocol.
Up to 15 different TCP port numbers and 15 different UDP port numbers can be specified.
Configuring a TCP/UDP port list for a given attack detector affects only attack types that have the same protocol (TCP/UDP) and are port-based (i.e. detect a specific destination port). Settings for other attack types are not affected by the configured port list(s).

OL-7827-12
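As an added illustration, not Cisco code or SCE CLI, the rules in this section modelled in Python: the detector numbering and port-count limits, "none" ACLs, destination-IP matching for dual-ip detections, and port lists that constrain only port-based attack types of the same protocol. The ACL entries, the attack record fields, and the assumption that a single-address detection is matched on its detected address are constructed for the example.

```python
"""Model of the specific-attack-detector settings described on this page (constructed example)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

MAX_DETECTORS = 100            # detectors are numbered 1-100
MAX_PORTS_PER_PROTOCOL = 15    # up to 15 TCP and 15 UDP destination ports per detector


@dataclass
class AttackDetector:
    number: int
    access_list: Optional[list] = None   # None models "access-list none": all IPs permitted
    tcp_port_list: list = field(default_factory=list)
    udp_port_list: list = field(default_factory=list)
    comment: str = ""                    # documentation only; never affects matching

    def validate(self) -> list:
        """Return constraint violations; an empty list means the settings are acceptable."""
        problems = []
        if not 1 <= self.number <= MAX_DETECTORS:
            problems.append(f"detector number {self.number} outside 1-{MAX_DETECTORS}")
        for proto, ports in (("TCP", self.tcp_port_list), ("UDP", self.udp_port_list)):
            if len(set(ports)) > MAX_PORTS_PER_PROTOCOL:
                problems.append(f"more than {MAX_PORTS_PER_PROTOCOL} distinct {proto} ports")
        return problems


def acl_permits(detector: AttackDetector, attack: dict) -> bool:
    """ACL check: dual-ip detections are matched on the destination address; a
    single-address detection is matched on attack["ip"] (assumption for this model)."""
    if detector.access_list is None:
        return True
    addr = ipaddress.ip_address(attack["dst_ip"] if attack["dual_ip"] else attack["ip"])
    return any(addr in ipaddress.ip_network(entry) for entry in detector.access_list)


def detector_selects(detector: AttackDetector, attack: dict) -> bool:
    """True if the ACL and, where it applies, the port list both admit the attack."""
    if not acl_permits(detector, attack):
        return False
    ports = {"TCP": detector.tcp_port_list, "UDP": detector.udp_port_list}.get(attack["protocol"])
    # A configured port list constrains only port-based attack types of the same protocol;
    # every other attack type is unaffected by it.
    if ports and attack["port_based"]:
        return attack["dst_port"] in ports
    return True
```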
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
Configuring Attack Detectors
11-13