Displaying dns attack protection information, Displaying dns dpi policy counters – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual
Brocade Virtual ADX Security Guide
53-1003250-01
DNS-DPI Attack Protection
Displaying DNS attack protection information
The following information can be displayed regarding DNS attack protection.
• DNS DPI policy counters
• IP addresses held down by a rate limit action
Displaying DNS DPI policy counters
DNS DPI policy counters can be displayed for a specified DNS policy as shown.
Virtual ADX#show csw-dns-policy p1
Rule Name  Action      Hit Count  Rate Limit Held Down
d2         redirect    0          0
d4         drop        0          0
d3         rate-limit  0          0
default    drop        0          0
You can display the DNS DPI policy counters for all DNS policies as shown.
Virtual ADX#show csw-dns-policy
Total Policies:3
Total Rules:6
Total Rule Actions:6
Policy Name :p1 Bind Count:2
Rule Name  Action      Hit Count  Rate Limit Held Down
d5         redirect    0          0
d1         redirect    0          0
d2         redirect    0          0
d3         rate-limit  0          0
default    drop        0          0
Policy Name :p2 Bind Count:0
Rule Name  Action      Hit Count  Rate Limit Held Down
Policy Name :p3 Bind Count:0
Rule Name  Action      Hit Count  Rate Limit Held Down
d3         drop        0          0
Syntax: show csw-dns-policy policy-name
The policy-name variable specifies the DNS policy whose DNS DPI policy counters you want to display.
CSW DNS DPI policy counters can be cleared for a specified DNS policy as shown.
Virtual ADX#clear csw-policy p1
Syntax: clear csw-policy policy-name
Displaying IP addresses held down by a rate limit action
IP addresses held down by a rate limit action can be displayed for an application process (BP) from the rconsole as shown.
Virtual ADX#rconsole 1 1
Virtual ADX1/1#show security holddown
source destination vers attempt start last HD time
10.30.30.4 10.0.0.3 3 45646 5646 N 1