Cisco SCE 2000 and SCE 1000 Software Configuration Guide
OL-7827-12
Chapter 11
Identifying and Preventing Distributed-Denial-Of-Service Attacks
Monitoring Attack Filtering
Example 2
This example shows a query for a single IP address, with a specified port.
SCE#>show interface linecard 0 attack-filter query single-sided ip 10.1.1.1 dest-port 21 configured
Protocol|Side|Dir.|Action|        Thresholds         |don't-|force-|Sub- |Alarm
        |    |    |      |Open flows|Ddos-Susp. flows|filter|filter|notif|
        |    |    |      |rate      |rate      |ratio|      |      |     |
--------|----|----|------|----------|----------|-----|----- |------|-----|-----
TCP+port|net.|src.|Block |      1000|       500|   50|No    |No    |   No|Yes
        |    |    |(1)   |          |          |     |      |      |     |(1)
TCP+port|net.|dst.|Report|      1000|       500|   50|No    |No    |   No|No
TCP+port|sub.|src.|Block |      1000|       500|   50|No    |No    |   No|Yes
        |    |    |(1)   |          |          |     |      |      |     |(1)
TCP+port|sub.|dst.|Report|      1000|       500|   50|No    |No    |   No|No
UDP+port|net.|src.|Report|      1000|       500|   50|No    |No    |   No|No
UDP+port|net.|dst.|Report|      1000|       500|   50|No    |No    |   No|No
UDP+port|sub.|src.|Report|      1000|       500|   50|No    |No    |   No|No
UDP+port|sub.|dst.|Report|      1000|       500|   50|No    |No    |   No|No
(N) below a value means that the value is set through attack-detector #N.
SCE#>
How to display the current counters
Use this command to display the current counters for the specified attack detector for attack types for a specified IP address.
Step 1
From the SCE> prompt, type show interface linecard 0 attack-filter query ((single-sided ip ip-address)|(dual-sided source-IP source-ip-address destination-IP dest-ip-address)) [dest-port portnumber] current and press Enter.
How to display all currently handled attacks
Step 1
From the SCE> prompt, type show interface linecard 0 attack-filter current-attacks and press Enter.
How to display all existing force-filter settings
Step 1
From the SCE> prompt, type show interface linecard 0 attack-filter force-filter and press Enter.
How to display all existing don't-filter settings
Step 1
From the SCE> prompt, type show interface linecard 0 attack-filter don't-filter and press Enter.
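An added example, not from the Cisco guide: a Python parser for the configured query output shown in Example 2. It attaches each (N) marker to the value above it, so an audit script can tell defaults from values set through an attack-detector. The column key names and the sample text are constructed here.

```python
import re

COLUMNS = ["protocol", "side", "dir", "action", "open_flows_rate", "ddos_susp_rate",
           "ddos_susp_ratio", "dont_filter", "force_filter", "sub_notif", "alarm"]

# Constructed sample in the layout of Example 2 (TCP rows only), not a device capture.
SAMPLE = """\
Protocol|Side|Dir.|Action|        Thresholds         |don't-|force-|Sub- |Alarm
        |    |    |      |Open flows|Ddos-Susp. flows|filter|filter|notif|
        |    |    |      |rate      |rate      |ratio|      |      |     |
--------|----|----|------|----------|----------|-----|----- |------|-----|-----
TCP+port|net.|src.|Block |      1000|       500|   50|No    |No    |   No|Yes
        |    |    |(1)   |          |          |     |      |      |     |(1)
TCP+port|net.|dst.|Report|      1000|       500|   50|No    |No    |   No|No
TCP+port|sub.|src.|Block |      1000|       500|   50|No    |No    |   No|Yes
        |    |    |(1)   |          |          |     |      |      |     |(1)
TCP+port|sub.|dst.|Report|      1000|       500|   50|No    |No    |   No|No
(N) below a value means that the value is set through attack-detector #N.
"""

def parse_configured(text):
    """Return one dict per row: 'values' (column -> text), 'set_by' (column -> detector N)."""
    rows, in_body = [], False
    for line in text.splitlines():
        if "-" in line and set(line.strip()) <= set("-| "):
            in_body = True  # separator line: data rows follow
            continue
        cells = [c.strip() for c in line.split("|")]
        if not in_body or len(cells) != len(COLUMNS):
            continue  # header lines, footnote, prompt
        if cells[0]:  # data row: first cell is the protocol
            rows.append({"values": dict(zip(COLUMNS, cells)), "set_by": {}})
        elif rows:  # continuation row: "(N)" sits below the value it annotates
            for col, cell in zip(COLUMNS, cells):
                m = re.fullmatch(r"\((\d+)\)", cell)
                if m:
                    rows[-1]["set_by"][col] = int(m.group(1))
    return rows

def block_entries(rows):
    """(protocol, side, direction, detector) per Block action; detector None = default."""
    return [(r["values"]["protocol"], r["values"]["side"], r["values"]["dir"],
             r["set_by"].get("action")) for r in rows if r["values"]["action"] == "Block"]

if __name__ == "__main__":
    for entry in block_entries(parse_configured(SAMPLE)):
        print(entry)
```
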