Chapter 4 Zone Configuration
Zone Detection
2. Choose ENTER. The following (partial sample) screen appears:
Key | Rate | Policy |
192.168.100.34 | 73.17 | http/80/analysis/syns/dst_ip |
N/A | 0.17 | http/80/analysis/syns/global |
Key | Ratio | Policy |
192.168.100.34 | 1.44 | tcp_ratio/any/analysis/syn_by_fin/dst_ip_ratio |
80 | 1.44 | tcp_ratio/any/analysis/syn_by_fin/dst_port_ratio |
Key | Connections | Policy |
N/A | 429.00 | tcp_connections/any/analysis/in_nodata_conns/global |
The sample screen shows that the Detector policies are receiving traffic and functioning properly.
Zone Detection
After learning the zone traffic characteristics, the Detector is ready for zone detection. The user may wish to command the Detector to begin detection right after completing the zone configurations. The Detector then begins applying its detection policies.
To detect the zone, perform the following:
1. From the Global command group level, type the following:
admin@DETECTOR# detect
Alternatively, from the Zone command group level, type the following:
Where
Cisco Traffic Anomaly Detector User Guide