HP Comware 5 Debug Manual Vol 1

Table 194 Output from the debugging ddos event command
Field: Packet dropped by the filter of the user-service user-service-name. Protocol: protocol-type, dst-port: dst-port-num, method: method-type, address: ip-address.
Description: The packet was discarded by the filter of the user service named user-service-name.
  method: Filter type.
    0—Filtering based on source IP address.
    1—Filtering based on destination IP address.
  address: Source or destination IP address of the packet (depends on the filter type).

Field: Created policy policy-name (policy-key-string).
Description: Policy policy-name was created. The policy name includes template-type, template-para, analysis-type, and analysis-object. The policy key word is policy-key-string.

Examples
# Enable DDoS protection event debugging on the Guard. Output similar to the following example is generated when IP address 1.1.1.1 is attacked under the following conditions:
- Traffic filtering devices are added on the SecCenter.
- On the SecCenter, a user service named example is defined to protect IP address 1.1.1.1 against DDoS attacks.
<Sysname> debugging ddos event
*Feb 26 16:01:58:516 2009 Sysname DDOS/7/EVENT:
Added a protected network (1.1.1.1/32/0) for the user-service example.
// A protected network was added for the user service example.
*Feb 26 16:01:58:516 2009 Sysname DDOS/7/EVENT:
Created an IP statistics entry (1.1.1.1) of the user-service example.
TCP ports: 3, UDP ports: 1, port sequence: 3.
// An IP statistics entry for 1.1.1.1 was created.
*Feb 26 16:01:58:516 2009 Sysname DDOS/7/EVENT:
Created policy tcp/0/*/dst-ip (1.1.1.1).
// A policy was created. The policy processes all TCP packets with destination IP address 1.1.1.1.
*Feb 26 16:01:58:516 2009 Sysname DDOS/7/EVENT:
Refreshed policy tcp/0/*/dst-ip (1.1.1.1) when creating session.
Related sessions: 0, new sessions: 0, current sessions: 0, current sequence: 1.
// The policy was refreshed during session creation.
*Feb 26 16:01:58:516 2009 Sysname DDOS/7/EVENT:
Packet dropped according to policy tcp/0/packet/dst-ip (1.1.1.1).
// A packet was discarded according to the policy. The policy shows the total number of TCP packets
with destination IP address 1.1.1.1 per second.
*Feb 26 16:01:58:516 2009 Sysname DDOS/7/EVENT:
Deleted a session.
Initiator: 2.2.2.1(1024), 1.1.1.1(1025), 6.
Responder: 1.1.1.1(1025), 2.2.2.1(1024), 6.
// A session was deleted. It is a TCP session with the initiator 2.2.2.1 at port 1024 and the responder
1.1.1.1 at port 1025.
*Feb 26 16:01:58:516 2009 Sysname DDOS/7/EVENT:
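
The following Python example is added here and is not part of the HP manual. It splits debugging ddos event output into records and decodes the filter-drop message described in Table 194, mapping method 0 or 1 to source or destination filtering. The sample input is constructed: the header format comes from the page, and the concrete field values in the filter-drop record (protocol 6, port 80, address 2.2.2.1) are assumptions filled into the table's template.

```python
import re
from datetime import datetime

# Record header from the sample output; filter-drop text from Table 194.
HEADER = re.compile(r"^\*(\w{3} +\d+ [\d:]+ \d{4}) (\S+) (\w+)/(\d)/(\w+):$")
FILTER_DROP = re.compile(
    r"Packet dropped by the filter of the user-service (?P<service>\S+?)\. "
    r"Protocol: (?P<protocol>\S+), dst-port: (?P<dst_port>\d+), "
    r"method: (?P<method>[01]), address: (?P<address>[\d.]+?)\.$")
METHOD = {"0": "source", "1": "destination"}  # filter type, per Table 194

def parse_events(text):
    """Split debug output into records, skipping the manual's '//' notes."""
    events = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            when = datetime.strptime(m[1], "%b %d %H:%M:%S:%f %Y")
            events.append({"time": when, "host": m[2], "module": m[3], "lines": []})
        elif events and line and not line.startswith("//"):
            events[-1]["lines"].append(line)
    for ev in events:
        ev["message"] = " ".join(ev.pop("lines"))
    return events

def filter_drops(events):
    """Return user-service filter drops with the method code decoded."""
    drops = []
    for ev in events:
        m = FILTER_DROP.search(ev["message"])
        if ev["module"] == "DDOS" and m:
            drops.append({"time": ev["time"], **m.groupdict(),
                          "filtered_on": METHOD[m["method"]]})
    return drops

# Constructed sample: header format from the page; the field values in the
# filter-drop record are assumptions filled into the Table 194 template.
SAMPLE = """\
*Feb 26 16:01:58:516 2009 Sysname DDOS/7/EVENT:
Created policy tcp/0/*/dst-ip (1.1.1.1).
// A policy was created.
*Feb 26 16:01:58:516 2009 Sysname DDOS/7/EVENT:
Packet dropped by the filter of the user-service example.
Protocol: 6, dst-port: 80, method: 0, address: 2.2.2.1.
*Feb 26 16:01:58:516 2009 Sysname DDOS/7/EVENT:
"""

if __name__ == "__main__":
    print(filter_drops(parse_events(SAMPLE)))
```

A header with no message lines after it, such as a capture cut off mid-record, yields a record with an empty message rather than an error.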