11-27
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
OL-7827-12
Chapter 11 Identifying and Preventing Distributed-Denial-Of-Service Attacks
Monitoring Attack Filtering
Options
In addition to the attack detector options described above, the following options are available:
•
ip-address
— the IP address for which to display information.
If
attack -direction
is dual-sided, an IP address must be configured for both the source
(
source-ip-address
) and the destination (
dest-ip-address
) sides.
•
portnumber
— the port number for which to display information.
Step 1
From the SCE> prompt, type
show interface linecard 0 attack-filter query ((single-sided ip
ip-address
)|(dual-sided source-IP
source-ip-address
destination-IP
dest-ip-address
)) [dest-port
portnumber] configured
and press
Enter
.
Example 1
This example shows a query for a single IP address.
SCE#>show interface linecard 0 attack-filter query single-sided ip 10.1.1.1 configured
Protocol|Side|Dir.|Action| Thresholds |don't- |force-|Sub- |Alarm
| | | |Open flows|Ddos-Susp. flows|filter|filter|notif|
| | | |rate |rate |ratio| | | |
--------|----|----|------|----------|----------|-----|----- |------|-----|-----
TCP |net.|src.|Report| 1000| 500| 50|No |No | No| No
TCP |net.|dst.|Report| 1000| 500| 50|No |No | No| No
TCP |sub.|src.|Report| 1000| 500| 50|No |No | No| No
TCP |sub.|dst.|Report| 1000| 500| 50|No |No | No| No
UDP |net.|src.|Report| 1000| 500| 50|No |No | No| No
UDP |net.|dst.|Report| 1000| 500| 50|No |No | No| No
UDP |sub.|src.|Report| 1000| 500| 50|No |No | No| No
UDP |sub.|dst.|Report| 1000| 500| 50|No |No | No| No
ICMP |net.|src.|Report| 500| 250| 50|No |No | No| No
ICMP |net.|dst.|Report| 500| 250| 50|No |No | No| No
ICMP |sub.|src.|Report| 500| 250| 50|No |No | Yes| No
| | | | | | | | | (1)|
ICMP |sub.|dst.|Report| 500| 250| 50|No |No | No| No
other |net.|src.|Report| 500| 250| 50|No |No | No| No
other |net.|dst.|Report| 500| 250| 50|No |No | No| No
other |sub.|src.|Report| 500| 250| 50|No |No | No| No
other |sub.|dst.|Report| 500| 250| 50|No |No | No| No
(N) below a value means that the value is set through attack-detector #N.
SCE#>