Cisco Cisco Firepower 4110 Security Appliance
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
Table 143: BDoS Attack Details: Characteristics Parameters (cont.)
Parameter
Description
Device IP
The device IP address that the attack uses or used.
TTL
The TTL that the attack uses or used.
L4 Checksum
The L4 checksum that the attack uses or used.
TCP Sequence Number
The TCP sequence number that the attack uses or used.
IP ID Number
The IP ID number that the attack uses or used.
Fragmentation Offset
The fragmentation offset that the attack uses or used.
Fragmentation Flag
The fragmentation flag that the attack uses or used. 0 indicates that fragmentation
is allowed. 1 indicates that fragmentation is not allowed.
Flow Label
(IPv6 only) The flow label that the attack uses or used.
ToS
The ToS that the attack uses or used.
Packet Size
The packet size that the attack uses or used.
ICMP Message Type
(This is displayed only if
(This is displayed only if
the protocol is ICMP.)
The ICMP message type that the attack uses or used.
Source IP
The source IP address that the attack uses or used.
Destination IP
The destination IP address that the attack uses or used.
Source Ports
The source ports that the attack uses or used.
Destination Ports
The destination ports that the attack uses or used.
DNS ID
The DNS ID that the attack uses or used.
DNS Query
The DNS query that the attack uses or used.
DNS Query Count
The DNS query count that the attack uses or used.
Table 144: BDoS Attack Details: Info Parameters
Parameter
Description
Packet Size Anomaly
Region
The statistical region of the attack packets.
The formula for the packet-size baseline for a policy is as follows:
The formula for the packet-size baseline for a policy is as follows:
{(AnomalyBandwidth/AnomalyPPS)/(NormalBandwidth/
NormalPPS)
}
Values:
•
Large Packets—The attack packets are approximately 15% larger than the
normal packet-size baseline for the policy.
•
Normal Packets—The attack packets are within approximately 15% either
side of the normal packet-size baseline for the policy.
•
Small Packets—The attack packets are approximately 15% smaller than the
normal packet-size baseline for the policy.
© 2016 Cisco | Radware. All rights reserved. This document is Cisco Public.
Page 205 of 281