Displaying security filter statistics, Address-sweep and port-scan logging – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

134

ServerIron ADX Security Guide

53-1002440-03

DDoS protection

5

Displaying security filter statistics

You can display security filter statistics as shown.

The counters shown for the show security filter-statistics command display the DDoS attack types
and the number of packets that have been counted, logged or dropped for each type.

Syntax: show security filter-statistics

Address-sweep and port-scan logging

The ServerIron ADX provides a log message for address-sweep and port-scan. When the ServerIron
ADX detects either of these attacks, the SSM CPU will send a message to the MP indicating the
particular IP will be held down for the specified time interval.

Log example:

Security: Address-sweep attack detected!Holdown 10.10.1.101 for 2 min

ServerIronADX# show security filter-statistics

Filter |Type |Log Cnt |Drop Cnt

dos-filter |icmp-type |0 |0

Cumulative Statistics

attack-type = log-count, drop-count

ip-options = 0, 0

icmp-type = 0, 0

address-sweep = 0, 0

port-scan = 0, 0

generic = 0, 0

filter-dns = 0, 0

Attack-type = Attack-count

ipv6-ext-header = 1201

icmpv6-type-All = 321

icmpv6-type-NS = 221

icmpv6-type -NA = 60

icmpv6-type-RS = 24

icmpv6-type-RA = 16

large-icmp = 0

unknown-ip-proto = 0

xmas-tree = 0

tcp-no-flags = 0

syn-fragments = 0

syn-and-fin-set = 0

deny-all-fragments = 0

fin-with-no-ack = 0

icmp-fragment = 0

land-attack = 0

ping-of-death = 0