Cisco Cisco Firepower 4120 Security Appliance
Table 144: BDoS Attack Details: Info Parameters (cont.)
Parameter
Description
State
The state of the protection process.
Values:
• Footprints Analysis—Behavioral DoS Protection has detected an attack and is currently determining an attack footprint.
• Blocking—Behavioral DoS Protection is blocking the attack based on the attack footprint created. Through a closed feedback loop operation, the Behavioral DoS Protection optimizes the footprint rule, achieving the narrowest effective mitigation rule.
• Non-attack—Nothing was blocked because the traffic was not an attack—no footprint was detected or the blocking strictness level was not met.
Table 145: BDoS Attack Details: Footprint Parameters
Parameter
Description
The footprint blocking rule generated by the Behavioral DoS Protection, which provides the narrowest
effective blocking rule against the flood attack.
Table 146: BDoS Attack Details: Attack Statistics Table
Parameter
Description
This table displays attack traffic (Anomaly) and normal traffic information. Red indicates real-time values identified
as suspicious in the 15 seconds prior to when the attack was triggered. Black indicates the learned normal traffic
baselines. Table columns are displayed according to the protocols: TCP (includes all flags), UDP, or ICMP.
Table 147: BDoS Attack Details: Attack Statistics Graph
Parameter
Description
The graph displays a snapshot of the relevant traffic type for the 15-second period during which the attack was
triggered. For example, during a UDP flood, just UDP traffic is represented. The blue line represents the normal
adapted traffic baseline.
Table 148: BDoS Attack Details: Attack Description
Parameter
Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute Vision server.
© 2016 Cisco | Radware. All rights reserved. This document is Cisco Public.