Cisco Cisco Packet Data Gateway (PDG)
PSF Changes in Release 16
▀ PSF Enhancements for 16.0
▄ Release Change Reference, StarOS Release 16
316
configure
active-charging service acs_name
fw-and-nat policy policy_name
[ no ] firewall dos-protection ip-sweep { icmp | tcp-syn | udp }
default firewall dos-protection
end
Notes:
IP Sweep attacks detected in the uplink direction can be configured using the
firewall dos-protection
ip-sweep
command in the ACS Configuration mode.
The configuration values of packet limit and sampling interval are common for both uplink and downlink.
Performance Indicator Changes
show active-charging firewall dos-protection
This command is new and can be configured to display statistics of the IP Sweep server list involved in IP Sweep
attacks.
attacks.
show active-charging firewall dos-protection ip-sweep server-list { all | instance
instance_num } [ | { grep grep_options | more } ]
instance_num } [ | { grep grep_options | more } ]
show active-charging firewall statistics verbose
The following fields have been added to the output of this command to display the number of packets dropped on
ICMP/TCP-SYN/UDP attacks in uplink and downlink.
ICMP/TCP-SYN/UDP attacks in uplink and downlink.
TCP Stats:
Packets Dropped on TCP-SYN IP-Sweep Attack (DL/UL)
UDP Stats:
Packets Dropped on UDP IP-Sweep Attack (DL/UL)
ICMP Stats:
Packets Dropped on ICMP IP-Sweep Attack (DL/UL)
show active-charging fw-and-nat policy name
The following fields have been added to the output of this command to display the status of protection for ICMP/TCP-
SYN/UDP IP sweep attacks.
SYN/UDP IP sweep attacks.
Dos-Protection:
UDP IP Sweep
ICMP IP Sweep
TCP-SYN IP Sweep