Chapter 11
Identifying and Preventing Distributed-Denial-Of-Service Attacks
•
•
•
•
•
Monitoring Attack Filtering Using CLI Commands
•
•
•
•
•
•
•
•
•
•
•
Use these commands to monitor attack detection and filtering:
•
•
•
•
•
•
•
OL-7827-12
'protocol'
TCP
–
UDP
–
ICMP
–
other
–
'rate1' and 'rate2' are numbers
'duration' is a number.
'total-flows' is one of the following strings, depending on the attack action:
If 'action' is block: 'number' flows blocked.
–
If 'action' is report: attack comprised of 'number' flows.
–
'hw-filter'
–
If the attack was not filtered by a hardware filter: empty string
–
If the attack was filtered by a hardware filter: HW filters used, actual attack duration is probably
smaller than reported above, actual amount of flows handled is probably larger than reported
above.
How to display a specified attack detector configuration, page 11-24
How to display the default attack detector configuration, page 11-25
How to display all attack detector configurations, page 11-26
How to display filter state (enabled or disabled), page 11-26
How to display configured threshold values and actions, page 11-26
How to display the current counters, page 11-28
How to display all currently handled attacks, page 11-28
How to display all existing force-filter settings, page 11-28
How to display all existing don't-filter settings, page 11-28
How to display the list of ports selected for subscriber notification, page 11-29
How to find out whether hardware attack filtering has been activated, page 11-29
show interface linecard 0 attack-detector
show interface linecard 0 attack-filter
show interface linecard 0 attack-filter query
show interface linecard 0 attack-filter current-attacks
show interface linecard 0 attack-filter don't-filter
show interface linecard 0 attack-filter force-filter
show interface linecard 0 attack-filter subscriber-notification ports
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
Monitoring Attack Filtering
11-23