All posts by user d3m1gd


  1. I need to disable packet filtering on attack detection.

     UPD: Solved. The filters are disabled via sanity-checks.

     Software version 3.6.0. "Anomaly detection" and "Spam zombies" are disabled in the SCA BB Console settings.

     #> show interface linecard 0 attack-detector all
     Default detector:
     Protocol|Side|Direction  ||Action|       Thresholds              |Sub- |Alarm
             |    |           ||      |Open flows|Ddos-Suspected flows|notif|
             |    |           ||      |rate      |rate        |ratio  |     |
     --------|----|-----------||------|----------|------------|-------|-----|-----
     TCP     |net.|source-only||Report|      1000|         250|50     |No   |No
     TCP     |net.|dest-only  ||Report|      1000|         250|50     |No   |No
     TCP     |sub.|source-only||Report|      1000|         250|50     |No   |No
     TCP     |sub.|dest-only  ||Report|      1000|         250|50     |No   |No
     TCP     |net.|source+dest||Report|       100|          50|50     |No   |No
     TCP     |sub.|source+dest||Report|       100|          50|50     |No   |No
     TCP+port|net.|source-only||Report|      1000|         250|50     |No   |No
     TCP+port|net.|dest-only  ||Report|      1000|         250|50     |No   |No
     TCP+port|sub.|source-only||Report|      1000|         250|50     |No   |No
     TCP+port|sub.|dest-only  ||Report|      1000|         250|50     |No   |No
     TCP+port|net.|source+dest||Report|       100|          50|50     |No   |No
     TCP+port|sub.|source+dest||Report|       100|          50|50     |No   |No
     UDP     |net.|source-only||Report|      1000|         250|50     |No   |No
     UDP     |net.|dest-only  ||Report|      1000|         250|50     |No   |No
     UDP     |sub.|source-only||Report|      1000|         250|50     |No   |No
     UDP     |sub.|dest-only  ||Report|      1000|         250|50     |No   |No
     UDP     |net.|source+dest||Report|       100|          50|50     |No   |No
     UDP     |sub.|source+dest||Report|       100|          50|50     |No   |No
     UDP+port|net.|source-only||Report|      1000|         250|50     |No   |No
     UDP+port|net.|dest-only  ||Report|      1000|         250|50     |No   |No
     UDP+port|sub.|source-only||Report|      1000|         250|50     |No   |No
     UDP+port|sub.|dest-only  ||Report|      1000|         250|50     |No   |No
     UDP+port|net.|source+dest||Report|       100|          50|50     |No   |No
     UDP+port|sub.|source+dest||Report|       100|          50|50     |No   |No
     ICMP    |net.|source-only||Report|       500|         125|50     |No   |No
     ICMP    |net.|dest-only  ||Report|       500|         125|50     |No   |No
     ICMP    |sub.|source-only||Report|       500|         125|50     |No   |No
     ICMP    |sub.|dest-only  ||Report|       500|         125|50     |No   |No
     other   |net.|source-only||Report|       500|         125|50     |No   |No
     other   |net.|dest-only  ||Report|       500|         125|50     |No   |No
     other   |sub.|source-only||Report|       500|         125|50     |No   |No
     other   |sub.|dest-only  ||Report|       500|         125|50     |No   |No
     Detector #1 is disabled.
     Detector #2 is disabled.
     Detector #3 is disabled.
     Detector #4 is disabled.
     Detector #5 is disabled.
     Detector #6 is disabled.
     Detector #7 is disabled.
     Detector #8 is disabled.
     Detector #9 is disabled.
     Detector #10 is disabled.
     Detector #11 is disabled.
     Detector #12 is disabled.
     Detector #13 is disabled.
     Detector #14 is disabled.
     Detector #15 is disabled.
     Detector #16 is disabled.
     Detector #17 is disabled.
     Detector #18 is disabled.
     Detector #19 is disabled.
     Detector #20 is disabled.
     Detector #21 is disabled.
     Detector #22 is disabled.
     Detector #23 is disabled.
     Detector #24 is disabled.
     Detector #25 is disabled.
     Detector #26 is disabled.
     Detector #27 is disabled.
     Detector #28 is disabled.
     Detector #29 is disabled.
     Detector #30 is disabled.
     Detector #31 is disabled.
     Detector #32 is disabled.
     Detector #33 is disabled.
     Detector #34 is disabled.
     Detector #35 is disabled.
     Detector #36 is disabled.
     Detector #37 is disabled.
     Detector #38 is disabled.
     Detector #39 is disabled.
     Detector #40 is disabled.
     Detector #41 is disabled.
     Detector #42 is disabled.
     Detector #43 is disabled.
     Detector #44 is disabled.
     Detector #45 is disabled.
     Detector #46 is disabled.
     Detector #47 is disabled.
     Detector #48 is disabled.
     Detector #49 is disabled.
     Detector #50 is disabled.
     Detector #51 is disabled.
     Detector #52 is disabled.
     Detector #53 is disabled.
     Detector #54 is disabled.
     Detector #55 is disabled.
     Detector #56 is disabled.
     Detector #57 is disabled.
     Detector #58 is disabled.
     Detector #59 is disabled.
     Detector #60 is disabled.
     Detector #61 is disabled.
     Detector #62 is disabled.
     Detector #63 is disabled.
     Detector #64 is disabled.
     Detector #65 is disabled.
     Detector #66 is disabled.
     Detector #67 is disabled.
     Detector #68 is disabled.
     Detector #69 is disabled.
     Detector #70 is disabled.
     Detector #71 is disabled.
     Detector #72 is disabled.
     Detector #73 is disabled.
     Detector #74 is disabled.
     Detector #75 is disabled.
     Detector #76 is disabled.
     Detector #77 is disabled.
     Detector #78 is disabled.
     Detector #79 is disabled.
     Detector #80 is disabled.
     Detector #81 is disabled.
     Detector #82 is disabled.
     Detector #83 is disabled.
     Detector #84 is disabled.
     Detector #85 is disabled.
     Detector #86 is disabled.
     Detector #87 is disabled.
     Detector #88 is disabled.
     Detector #89 is disabled.
     Detector #90 is disabled.
     Detector #91 is disabled.
     Detector #92 is disabled.
     Detector #93 is disabled.
     Detector #94 is disabled.
     Detector #95 is disabled.
     Detector #96 is disabled.
     Detector #97 is disabled.
     Detector #98 is disabled.
     Detector #99 is disabled.
     Detector #100 is disabled.

     #>do show interface linecard 0 attack-filter
     Enabled state :
     ------------------
     Protocol  |Direction   |State
     ----------|------------|------------
     TCP       |source-only |disabled
     TCP       |dest-only   |disabled
     TCP       |dest+source |disabled
     TCP+port  |source-only |disabled
     TCP+port  |dest-only   |disabled
     TCP+port  |dest+source |disabled
     UDP       |source-only |disabled
     UDP       |dest-only   |disabled
     UDP       |dest+source |disabled
     UDP+port  |source-only |disabled
     UDP+port  |dest-only   |disabled
     UDP+port  |dest+source |disabled
     ICMP      |source-only |disabled
     ICMP      |dest-only   |disabled
     other     |source-only |disabled
     other     |dest-only   |disabled

     Nevertheless, the SCE logs report filters being enabled when attacks are detected. Log:

     2011-03-09 21:25:09 | INFO | CPU #000 | Started filtering packets of type 'UDP' received on interface # 0 (subscriber). module # 1. Reason: Resumed filtering following an administrative pause that contained shortage events
     2011-03-09 21:25:09 | INFO | CPU #000 | Started filtering packets of type 'UDP Fragments' received on interface # 0 (subscriber). module # 1. Reason: Resumed filtering following an administrative pause that contained shortage events
     2011-03-09 21:25:09 | INFO | CPU #000 | Started filtering packets of type 'TCP SYN' received on interface # 0 (subscriber). module # 1. Reason: Resumed filtering following an administrative pause that contained shortage events
     2011-03-09 21:25:09 | INFO | CPU #000 | Started filtering packets of type 'TCP No-SYN + RST' received on interface # 0 (subscriber). module # 1. Reason: Resumed filtering following an administrative pause that contained shortage events
     2011-03-09 21:25:09 | INFO | CPU #000 | Started filtering packets of type 'UDP' received on interface # 1 (network). module # 1. Reason: Resumed filtering following an administrative pause that contained shortage events
     2011-03-09 21:25:09 | INFO | CPU #000 | Started filtering packets of type 'TCP SYN' received on interface # 1 (network). module # 1. Reason: Resumed filtering following an administrative pause that contained shortage events
     2011-03-09 21:25:09 | INFO | CPU #000 | Started filtering packets of type 'TCP No-SYN + RST' received on interface # 1 (network). module # 1. Reason: Resumed filtering following an administrative pause that contained shortage events
     2011-03-09 21:25:09 | INFO | CPU #000 | Started filtering packets of type 'TCP Fragment' received on interface # 1 (network). module # 1. Reason: Resumed filtering following an administrative pause that contained shortage events
     2011-03-09 22:04:08 | INFO | CPU #000 | Started filtering packets of type 'UDP Fragments' received on interface # 1 (network). module # 1. Reason: Started filtering due to attack detection
     2011-03-09 22:27:17 | INFO | CPU #000 | Stopped filtering packets of type 'UDP' received on interface # 0 (subscriber). module # 1. Reason: Stopped filtering for an administrative pause
     2011-03-09 22:27:17 | INFO | CPU #000 | Stopped filtering packets of type 'UDP Fragments' received on interface # 0 (subscriber). module # 1. Reason: Stopped filtering for an administrative pause
     2011-03-09 22:27:17 | INFO | CPU #000 | Stopped filtering packets of type 'TCP SYN' received on interface # 0 (subscriber). module # 1. Reason: Stopped filtering for an administrative pause
     2011-03-09 22:27:17 | INFO | CPU #000 | Stopped filtering packets of type 'TCP No-SYN + RST' received on interface # 0 (subscriber). module # 1. Reason: Stopped filtering for an administrative pause
     2011-03-09 22:27:17 | INFO | CPU #000 | Stopped filtering packets of type 'UDP' received on interface # 1 (network). module # 1. Reason: Stopped filtering for an administrative pause
     2011-03-09 22:27:17 | INFO | CPU #000 | Stopped filtering packets of type 'UDP Fragments' received on interface # 1 (network). module # 1. Reason: Stopped filtering for an administrative pause
     2011-03-09 22:27:17 | INFO | CPU #000 | Stopped filtering packets of type 'TCP SYN' received on interface # 1 (network). module # 1. Reason: Stopped filtering for an administrative pause
     2011-03-09 22:27:17 | INFO | CPU #000 | Stopped filtering packets of type 'TCP No-SYN + RST' received on interface # 1 (network). module # 1. Reason: Stopped filtering for an administrative pause
     2011-03-09 22:27:17 | INFO | CPU #000 | Stopped filtering packets of type 'TCP Fragment' received on interface # 1 (network). module # 1. Reason: Stopped filtering for an administrative pause
     2011-03-09 22:28:19 | INFO | CPU #000 | Started filtering packets of type 'UDP' received on interface # 0 (subscriber). module # 1. Reason: Resumed filtering following an administrative pause that contained shortage events
     2011-03-09 22:28:19 | INFO | CPU #000 | Started filtering packets of type 'UDP Fragments' received on interface # 0 (subscriber). module # 1. Reason: Resumed filtering following an administrative pause that contained shortage events
     2011-03-09 22:28:19 | INFO | CPU #000 | Started filtering packets of type 'TCP SYN' received on interface # 0 (subscriber). module # 1. Reason: Resumed filtering following an administrative pause that contained shortage events
     2011-03-09 22:28:19 | INFO | CPU #000 | Started filtering packets of type 'TCP No-SYN + RST' received on interface # 0 (subscriber). module # 1. Reason: Resumed filtering following an administrative pause that contained shortage events
     2011-03-09 22:28:19 | INFO | CPU #000 | Started filtering packets of type 'UDP' received on interface # 1 (network). module # 1. Reason: Resumed filtering following an administrative pause that contained shortage events
     2011-03-09 22:28:19 | INFO | CPU #000 | Started filtering packets of type 'UDP Fragments' received on interface # 1 (network). module # 1. Reason: Resumed filtering following an administrative pause that contained shortage events
     2011-03-09 22:28:19 | INFO | CPU #000 | Started filtering packets of type 'TCP SYN' received on interface # 1 (network). module # 1. Reason: Resumed filtering following an administrative pause that contained shortage events
     2011-03-09 22:28:19 | INFO | CPU #000 | Started filtering packets of type 'TCP No-SYN + RST' received on interface # 1 (network). module # 1. Reason: Resumed filtering following an administrative pause that contained shortage events
     2011-03-09 22:28:19 | INFO | CPU #000 | Started filtering packets of type 'TCP Fragment' received on interface # 1 (network). module # 1. Reason: Resumed filtering following an administrative pause that contained shortage events
     2011-03-09 23:30:26 | INFO | CPU #000 | Stopped filtering packets of type 'UDP' received on interface # 0 (subscriber). module # 1. Reason: Stopped filtering for an administrative pause
     2011-03-09 23:30:26 | INFO | CPU #000 | Stopped filtering packets of type 'UDP Fragments' received on interface # 0 (subscriber). module # 1. Reason: Stopped filtering for an administrative pause
     2011-03-09 23:30:26 | INFO | CPU #000 | Stopped filtering packets of type 'TCP SYN' received on interface # 0 (subscriber). module # 1. Reason: Stopped filtering for an administrative pause
     2011-03-09 23:30:26 | INFO | CPU #000 | Stopped filtering packets of type 'TCP No-SYN + RST' received on interface # 0 (subscriber). module # 1. Reason: Stopped filtering for an administrative pause
     2011-03-09 23:30:26 | INFO | CPU #000 | Stopped filtering packets of type 'UDP' received on interface # 1 (network). module # 1. Reason: Stopped filtering for an administrative pause
     2011-03-09 23:30:26 | INFO | CPU #000 | Stopped filtering packets of type 'UDP Fragments' received on interface # 1 (network). module # 1. Reason: Stopped filtering for an administrative pause
     2011-03-09 23:30:26 | INFO | CPU #000 | Stopped filtering packets of type 'TCP SYN' received on interface # 1 (network). module # 1. Reason: Stopped filtering for an administrative pause
     2011-03-09 23:30:26 | INFO | CPU #000 | Stopped filtering packets of type 'TCP No-SYN + RST' received on interface # 1 (network). module # 1. Reason: Stopped filtering for an administrative pause
     2011-03-09 23:30:26 | INFO | CPU #000 | Stopped filtering packets of type 'TCP Fragment' received on interface # 1 (network). module # 1. Reason: Stopped filtering for an administrative pause
     2011-03-09 23:31:03 | INFO | CPU #000 | Stopped filtering packets of type 'UDP' received on interface # 0 (subscriber). module # 1. Reason: Back to normal, no shortage events
     2011-03-09 23:31:03 | INFO | CPU #000 | Stopped filtering packets of type 'UDP Fragments' received on interface # 0 (subscriber). module # 1. Reason: Back to normal, no shortage events
     2011-03-09 23:31:03 | INFO | CPU #000 | Stopped filtering packets of type 'TCP SYN' received on interface # 0 (subscriber). module # 1. Reason: Back to normal, no shortage events
     2011-03-09 23:31:03 | INFO | CPU #000 | Stopped filtering packets of type 'TCP No-SYN + RST' received on interface # 0 (subscriber). module # 1. Reason: Back to normal, no shortage events
     2011-03-09 23:31:03 | INFO | CPU #000 | Stopped filtering packets of type 'UDP' received on interface # 1 (network). module # 1. Reason: Back to normal, no shortage events
     2011-03-09 23:31:03 | INFO | CPU #000 | Stopped filtering packets of type 'UDP Fragments' received on interface # 1 (network). module # 1. Reason: Back to normal, no shortage events
     2011-03-09 23:31:03 | INFO | CPU #000 | Stopped filtering packets of type 'TCP SYN' received on interface # 1 (network). module # 1. Reason: Back to normal, no shortage events
     2011-03-09 23:31:03 | INFO | CPU #000 | Stopped filtering packets of type 'TCP No-SYN + RST' received on interface # 1 (network). module # 1. Reason: Back to normal, no shortage events
     2011-03-09 23:31:03 | INFO | CPU #000 | Stopped filtering packets of type 'TCP Fragment' received on interface # 1 (network). module # 1. Reason: Back to normal, no shortage events
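
A way to triage a log like the one in this post, as an added example that is not part of the original post: the script parses the "Started/Stopped filtering" line format shown above, pairs the events per packet type and side, and separates filters started by attack detection from those resumed after shortage events. The function names are hypothetical, and the sample is a subset of the lines from the post.

```python
import re
from datetime import datetime

# Line format as it appears in the log quoted in the post.
LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| \w+ \| CPU #\d+ \| "
    r"(?P<action>Started|Stopped) filtering packets of type '(?P<ptype>[^']+)' "
    r"received on interface # (?P<iface>\d+) \((?P<side>\w+)\)\. "
    r"module # \d+\. Reason: (?P<reason>.+)$"
)

# Subset of the post's log lines, enough to exercise every reason string.
SAMPLE_LOG = """\
2011-03-09 21:25:09 | INFO | CPU #000 | Started filtering packets of type 'UDP' received on interface # 0 (subscriber). module # 1. Reason: Resumed filtering following an administrative pause that contained shortage events
2011-03-09 22:04:08 | INFO | CPU #000 | Started filtering packets of type 'UDP Fragments' received on interface # 1 (network). module # 1. Reason: Started filtering due to attack detection
2011-03-09 22:27:17 | INFO | CPU #000 | Stopped filtering packets of type 'UDP' received on interface # 0 (subscriber). module # 1. Reason: Stopped filtering for an administrative pause
2011-03-09 22:27:17 | INFO | CPU #000 | Stopped filtering packets of type 'UDP Fragments' received on interface # 1 (network). module # 1. Reason: Stopped filtering for an administrative pause
2011-03-09 22:28:19 | INFO | CPU #000 | Started filtering packets of type 'UDP' received on interface # 0 (subscriber). module # 1. Reason: Resumed filtering following an administrative pause that contained shortage events
2011-03-09 23:30:26 | INFO | CPU #000 | Stopped filtering packets of type 'UDP' received on interface # 0 (subscriber). module # 1. Reason: Stopped filtering for an administrative pause
2011-03-09 23:31:03 | INFO | CPU #000 | Stopped filtering packets of type 'UDP' received on interface # 0 (subscriber). module # 1. Reason: Back to normal, no shortage events
"""

def parse(text):
    """Return one dict per recognised filter event; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
            events.append(ev)
    return events

def filter_intervals(events):
    """Pair Started/Stopped per (type, side): closed intervals and still-open filters."""
    open_since, closed = {}, []
    for ev in events:
        key = (ev["ptype"], ev["side"])
        if ev["action"] == "Started":
            open_since.setdefault(key, (ev["ts"], ev["reason"]))
        elif key in open_since:  # a Stopped with no open filter is ignored
            start, reason = open_since.pop(key)
            closed.append((key, reason, (ev["ts"] - start).total_seconds()))
    return closed, open_since

def attack_triggered(events):
    """Filters whose start reason is attack detection rather than a resumed pause."""
    return [(e["ptype"], e["side"]) for e in events
            if e["action"] == "Started" and "attack detection" in e["reason"]]
```
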