Digital Data Communications LevelOne GTL-2091 매뉴얼 - 페이지 4
{카테고리_이름} Digital Data Communications LevelOne GTL-2091에 대한 매뉴얼을 온라인으로 검색하거나 PDF를 다운로드하세요. Digital Data Communications LevelOne GTL-2091 4 페이지. Attack prevention configuration
Digital Data Communications LevelOne GTL-2091에 대해서도 마찬가지입니다: 매뉴얼 (8 페이지)
페이지 인쇄filter arp
The ARP attack takes the host's MAC address and the source port as the attack
source, that is, message from the same MAC address but different ports cannot be
calculated together. Both the IGMP attack and IP attack take the host's IP address
and source port as the attack source.
Remember that the IGMP attack prevention and the IP attack prevention cannot be
started up together.
1.3.3 Starting up the Attack Prevention Function
After all parameters for attack prevention are set, you can start up the attack
prevention function. Note that small parts of processor source will be occupied when
the attack prevention function is started.
filter enable
Use the no filter enable command to disable the attack prevention function and
remove the block to all attack sources.
1.3.4 Checking the State of Attack Prevention
After attack prevention is started, you can run the following command to check the
state of attack prevention:
show filter
1.4 Attack Prevention Configuration Example
To enable the IGMP attack prevention and the ARP attack prevention on port 1/2,
consider any host that sends more than 1200 pieces of message within 15 seconds as
the attack source and to cut off network service for any attack source.
filter period 15
filter threshold 1200
filter block-time 600
interface g0/2
filter arp
exit
filter enable
http://www.level1.com
Command
Command
Attack Prevention Configuration
interface y at slot X.
Detects the arp attack.
Description
Starts up the attack prevention function.
Description
Checks the state of attack prevention.
- 2 -