Clearing all ddos filter & attack counters, Logging for dos attacks – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual
Brocade Virtual ADX Security Guide
53-1003250-01
DDoS protection
5
Clearing all DDOS Filter & Attack Counters
Use security clear all-dos-filter-counters to reset all DDOS Filter and Attack Counters.
Syntax: security clear all-dos-filter-counters
Logging for DoS attacks
Use the show log command to display the logging information and note the hits for each attack type.
For each log event generated by a software rule, the Brocade Virtual ADX sends a syslog message
and an SNMP trap. The system logs at 1-second intervals and records only the count for that
interval, not a cumulative total. For example, assume 5 packets are dropped within 1 second. The system
logs 5. Then, 2 packets are dropped during the next second. The system logs 2 (not 7).
Use show security hold:
Use show security net-scan-sessions:
The Number Scanned value indicates the number of ports that client 10.10.1.101 has accessed on IP
10.10.1.151 (which is the VIP in the example).
BP #show sec net-scan-sessions 0
IP address     Attack Type     Number Scanned
10.10.1.101    address-sweep   2
The above example tells you that client 10.10.1.101 has accessed 2 destination IPs in the past 1
monitoring interval.
BP #show sec net-scan-sessions number to be skipped
IP address Attack Type Number Scanned
10.10.1.101->10.10.1.151 port-scan 1
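Added example, not from the Brocade guide: a Python parser for the two show sec net-scan-sessions row shapes shown above, turning captured CLI output into per-source records for review or alerting. The function names and the assumption that columns are whitespace-separated as displayed here are this example's own.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the two outputs shown on this page, as captured text.
SAMPLE = """\
BP #show sec net-scan-sessions 0
IP address    Attack Type    Number Scanned
10.10.1.101   address-sweep  2
BP #show sec net-scan-sessions number to be skipped
IP address Attack Type Number Scanned
10.10.1.101->10.10.1.151 port-scan 1
"""

# Assumed row shape: "<src>[-><dst>] <attack-type> <count>", space separated.
ROW = re.compile(r"^(\S+?)(?:->(\S+))?\s+([a-z][a-z-]*)\s+(\d+)$")


def _ip(text):  # normalised IP string, or None if text is not an address
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        return None


def parse_net_scan_sessions(output):
    """Parse CLI output into dicts; prompts, headers and bad rows are skipped."""
    records = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # prompt or header line
        src, dst = _ip(m.group(1)), m.group(2)
        if src is None or (dst is not None and _ip(dst) is None):
            continue  # malformed address: do not trust the row
        records.append({"src": src, "dst": dst and _ip(dst),
                        "attack": m.group(3), "count": int(m.group(4))})
    return records


def totals_by_source(records):
    """Sum 'Number Scanned' per source address and attack type."""
    totals = defaultdict(lambda: defaultdict(int))
    for r in records:
        totals[r["src"]][r["attack"]] += r["count"]
    return {src: dict(kinds) for src, kinds in totals.items()}


if __name__ == "__main__":
    print(totals_by_source(parse_net_scan_sessions(SAMPLE)))
```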