Clearing all ddos filter & attack counters, Logging for dos attacks – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual


Brocade Virtual ADX Security Guide

53-1003250-01

DDoS protection

5

Clearing all DDOS Filter & Attack Counters

Use security clear all-dos-filter-counters to reset all DDOS Filter and Attack Counters.

Syntax: security clear all-dos-filter-counters

Logging for DoS attacks

Use the show log command to display the logging information and notice the attack type hits.

For each log event that occurs for software rules, the Brocade Virtual ADX sends a syslog message
and an SNMP trap. The system logs once every 1-second period, and each entry records only the
count for that period, not a cumulative total. For example, assume 5 packets are dropped within
1 second. The system logs 5. Then, 2 packets are dropped during the next second. The system logs 2 (not 7).

Use show security hold:

Use show security net-scan-sessions:

The Number Scanned value indicates the number of ports that client 10.10.1.101 has accessed on IP
10.10.1.151 (which is the VIP in the example).

BP #show sec net-scan-sessions 0

IP address Attack Type Number Scanned

10.10.1.101 address-sweep 2

The above example tells you that client 10.10.1.101 has accessed 2 destination IPs in the past 1
monitoring interval.

BP #show sec net-scan-sessions number to be skipped

IP address Attack Type Number Scanned

10.10.1.101->10.10.1.151 port-scan 1
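
A parser for the two row forms shown above, added here as an example (it is not Brocade code): it reads pasted show sec net-scan-sessions output and flags clients whose Number Scanned meets a threshold. The function names and the thresholds are assumptions for illustration, and the sample text is constructed from the outputs on this page.

```python
import re
from collections import defaultdict

# Constructed sample: the two outputs shown on this page, concatenated.
SAMPLE = """\
BP #show sec net-scan-sessions 0
IP address Attack Type Number Scanned
10.10.1.101 address-sweep 2
BP #show sec net-scan-sessions number to be skipped
IP address Attack Type Number Scanned
10.10.1.101->10.10.1.151 port-scan 1
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Row: source, optional "->destination", attack type, count.
ROW = re.compile(rf"^({IPV4})(?:->({IPV4}))?\s+([a-z][a-z-]*)\s+(\d+)$")


def parse_net_scan_sessions(text):
    """Return one dict per data row; prompt, header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            src, dst, attack, count = m.groups()
            rows.append({"src": src, "dst": dst, "attack": attack, "count": int(count)})
    return rows


def flag_sources(rows, thresholds):
    """Map each source to the rows whose count meets its attack type's threshold.

    `thresholds` is a local alerting policy (hypothetical, not an ADX setting);
    attack types without a threshold are never flagged.
    """
    flagged = defaultdict(list)
    for r in rows:
        limit = thresholds.get(r["attack"])
        if limit is not None and r["count"] >= limit:
            flagged[r["src"]].append(r)
    return dict(flagged)


if __name__ == "__main__":
    rows = parse_net_scan_sessions(SAMPLE)
    for src, hits in flag_sources(rows, {"address-sweep": 2, "port-scan": 10}).items():
        for h in hits:
            print(f"{src}: {h['attack']} count={h['count']} target={h['dst'] or 'multiple'}")
```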
