Reference Guide
3 Configuration commands Intrusion detection system commands
NN47928-107 45
ids flood settings
This command describes how to change threshold values for IDS flood
protection. IDS refers to a threshold value to detect a flood attack. The
threshold can be changed for some protocols and services:
z Known protocols: ARP, ICMP, UDP, TCP, ESP
z Any protocol other than the known protocols listed above
(unknown_ip_proto).
z Known services: DHCP, DNS, IKE, MGCP, RADIUS, RIP, SIP, SNMP,
SNTP, TFTP
z Any service (port) other than the known services listed above
(unknown_port).
The following table lists the default threshold values,
Syntax config ids flood settings [dhcp|dns|esp|ike| mgcp|radius_1|
radius_2|rip|sip|snmp|sntp|tftp|unknown_IP_proto|
unknown_port] threshold <pps>
Parameters service dhcp|dns|esp|ike| mgcp|radius_1|
radius_2|rip|sip|snmp|sntp|tftp|unknown_IP_proto|
unknown_port
Specify the Protocol or service with a changed
value threshold. See Table 5
for the default
values. radius_1 and radius_2 are the ports
RADIUS is using.
threshold pps Enter the minimum number of packets/second
to be considered an attack.
Example > config ids flood settings dhcp threshold 5
Related
commands
display ids flood settings
show ids flood settings
clear ids attacks
show ids attacks
Table 5
Default Flood Threshold Values
Protocol
or
Service
Default
Threshold
Level
Protocol
or
Service
Default
Threshold
Level
Protocol or
Service
Default
Threshold
Level
dhcp 10 radius_1 100 sntp 10
dns 20 radius_2 100 tftp 100
esp 100 rip 20 unknown_IP_proto 500
ike 100 sip 255 unknown_port 500
mgcp 255 snmp 300