Hi All,
I went through the support files and found log messages like the ones below during peak hours:
2010-07-11 11:55:47 | INFO | CPU #000 | Started filtering packets of type 'TCP Non-SYN' received on interface # 0. Reason: Started filtering due to attack detection
2010-07-11 12:00:35 | INFO | CPU #000 | Started filtering packets of type 'TCP No-SYN + RST' received on interface # 0. Reason: Started filtering due to attack detection
2010-07-11 13:07:25 | INFO | CPU #000 | Stopped filtering packets of type 'TCP No-SYN + RST' received on interface # 0. Reason: Stopped filtering for an administrative pause
Basically, those logs mean that the SCE detects attacks and then, in order to protect itself, puts the attack traffic in a filter. One hour later, the SCE removes the flows from the filter and checks again; if the attack persists, the SCE puts the attack traffic in the filter again.
Could we decrease the time for filtering traffic, for example to 10 minutes?