Cisco 11503 Administration Guide - Page 207
Displaying DoS Configurations
UPC - 746320664958
View all Cisco 11503 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 207 highlights
Chapter 5 Configuring Simple Network Management Protocol (SNMP) Configuring Denial of Service (DoS) The dos_attack_type variable is the type of DoS attack event to trap. The options include: • dos-illegal-attack - Generates traps for illegal addresses, either source or destination. Illegal addresses are loopback source addresses, broadcast source addresses, loopback destination addresses, multicast source addresses, or source addresses that you own. The default trap threshold for this type of attack is 1 per second. • dos-land-attack - Generates traps for packets that have identical source and destination addresses. The default trap threshold for this type of attack is 1 per second. • dos-smurf-attack - Generates traps when the number of pings with a broadcast destination address exceeds the threshold value. The default trap threshold for this type of attack is 1 per second. • dos-syn-attack - Generates traps when the number of TCP connections that are initiated by a source, but not followed with an acknowledgment (ACK) frame to complete the 3-way TCP handshake, exceeds the threshold value. The default trap threshold for this type of attack is 10 per second. Use the trap-threshold option to override a default trap threshold. For the threshold_value, enter a number from 1 to 65535. For example, to enable the CSS to generate traps for packets that have identical source and destination addresses, enter: (config)# snmp trap-type enterprise dos-land-attack To prevent the CSS from generating DoS attack event traps, enter: (config)# no snmp trap-type enterprise dos_attack_type Displaying DoS Configurations Use the show dos command to display detailed information about DoS attacks on each CSS Session Processor (SP). The show dos command displays the following information: • The total number of attacks since booting the CSS • The types of attacks and the maximum number of these attacks per second • The first and last occurrence of an attack • The source and destination IP addresses OL-5647-02 Cisco Content Services Switch Administration Guide 5-25