Cisco ASR 5000
ACS Rulebase Configuration Mode Commands
firewall flooding
Command Line Interface Reference, StarOS Release 18
Usage
Use this command to configure the maximum number of ICMP, TCP-SYN, or UDP packets allowed, to prevent
packet flooding attacks on the host.
Example
The following command ensures a subscriber will not receive more than 1000 ICMP packets per sampling
interval:
firewall flooding protocol icmp packet limit 1000
The following command ensures a subscriber will not receive more than 1000 UDP packets per sampling
interval on different 5-tuples. That is, if an attacker is sending a lot of UDP packets on different ports or using
different spoofed IPs, those packets will be limited to 1000 packets per sampling interval. This way only
“suspected” malicious packets are limited and not “legitimate” packets:
firewall flooding protocol udp packet limit 1000
The following command ensures a subscriber will not receive more than 1000 TCP-SYN packets per
sampling interval:
firewall flooding protocol tcp-syn packet limit 1000
The following command specifies a flooding sampling interval of 1 second:
firewall flooding sampling-interval 1
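The interaction between the packet limit and the sampling interval can be seen in a small model. This is an added example, not Cisco code or the StarOS implementation: it assumes a simple fixed-window counter per subscriber and protocol, uses constructed traffic, and does not model the UDP 5-tuple distinction described above.

```python
from collections import defaultdict

# Values mirroring the page's examples: 1000 packets per protocol,
# sampling interval of 1 second.
LIMITS = {"icmp": 1000, "udp": 1000, "tcp-syn": 1000}
SAMPLING_INTERVAL = 1  # seconds


def apply_flood_limits(packets, limits=LIMITS, interval=SAMPLING_INTERVAL):
    """Assumed fixed-window model: count packets per (subscriber, protocol)
    in each sampling interval and drop everything beyond the limit.

    packets: iterable of (timestamp_seconds, subscriber_ip, protocol).
    Returns {(subscriber, protocol): {"forwarded": n, "dropped": m}}.
    """
    window_counts = defaultdict(int)  # (subscriber, proto, window) -> count
    totals = defaultdict(lambda: {"forwarded": 0, "dropped": 0})
    for ts, subscriber, proto in packets:
        limit = limits.get(proto)
        if limit is None:  # no flooding limit configured for this protocol
            totals[(subscriber, proto)]["forwarded"] += 1
            continue
        window = int(ts // interval)  # sampling interval this packet falls in
        key = (subscriber, proto, window)
        window_counts[key] += 1
        verdict = "forwarded" if window_counts[key] <= limit else "dropped"
        totals[(subscriber, proto)][verdict] += 1
    return dict(totals)


def constructed_traffic():
    """Constructed sample: a 1500-packet ICMP burst within the first second,
    800 ICMP packets in the next second, and 1200 TCP SYNs spread evenly
    over two seconds."""
    sub = "10.0.0.5"  # constructed subscriber address
    pkts = [(i / 1500, sub, "icmp") for i in range(1500)]     # t in [0, 1)
    pkts += [(1 + i / 800, sub, "icmp") for i in range(800)]  # t in [1, 2)
    pkts += [(i / 600, sub, "tcp-syn") for i in range(1200)]  # t in [0, 2)
    return pkts


if __name__ == "__main__":
    for key, counts in apply_flood_limits(constructed_traffic()).items():
        print(key, counts)
```

In this model the same 1200 TCP-SYN packets pass untouched at a 1-second interval (600 per window) but lose 200 packets if the interval is raised to 2 seconds, so the limit and the sampling interval have to be chosen together.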