beautypg.com

Configuring a rule for common attack types, Table 9 – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

Page 99

background image

Brocade Virtual ADX Security Guide

87

53-1003250-01

DDoS protection

5

gt

greater-than

gteq

greater-than-or-equals

lt

less-than

lteq

less-than-or-equals

neq

not-equals

The configured generic rule will have to be bound to a filter, to take effect.

Virtual ADX(config)#security filter filter1

Virtual ADX(config-sec-filter1)#rule generic gen1 drop

Syntax: [no] rule generic generic-rule-name [log | no-log] [drop | no-drop]

The generic-rule-name variable is the name of the preciously defined generic rule that you want to
bind to a filter:

The log parameter directs the Brocade Virtual ADX to log traffic on the bound interface that
matches the generic rule specified by the configured generic-rule-name. The no-log parameter
disables this function.

The drop parameter directs the Brocade Virtual ADX to drop traffic on the bound interface that
matches the generic rule specified by the configured generic-rule-name. The no-drop parameter
disables this function.

Table 9

describes some attack types that require a generic rule.

Configuring a rule for common attack types

As described in

“Configuring a Generic Rule”

on page 86, you can create a custom rule to manage

DDoS attacks. In addition, Brocade Virtual ADX has built-in rules to manage common attack types.
In this case, the rule command is used with a rule-name variable specified in

Table 10

.

The following example configures a the "filter1" security filter with a rule to drop packets that are
associated with a "xmas tree" attack.

Virtual ADX(config)#security filter filter1

Virtual ADX(config-sec-filter1)#rule xmas-tree drop

Syntax: [no] rule rule-name [log | no-log] [drop | no-drop]

The rule-name variable is specified as one of the options described in

Table 10

.

TABLE 9

Common attack types that require a generic rule

Attack Type

Description

Information tunneling

Attacker attempts to pass information in and out of the network incognito.
Packets appear to be performing one function. In reality, they are performing
another function. For example, a remote user may be engaged in a root shell
session on a protected host, but all transmissions appear to be ICMP echo
requests and replies.
Use security generic to handle this attack type.

Well Known Attacks

There are many documented attacks that can be identified by using a
pattern, also known as a signature.
Use security generic for this attack type. It provides you the flexibility of
locating attacks having a pattern.

See also other documents in the category Brocade Computer Accessories: