Cisco Catalyst 6500 Series User Manual

5-29
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 5 Managing Security Contexts
Monitoring Security Contexts
The summary option shows the totals for all contexts combined. For example, the denied column shows
the items that have been denied for each context limit. The system option shows the counts for the entire
system. For the limit and denied counts, for example, you see a number in the denied column only if the
system limit is reached, not if one or more context limits are reached.
For the resource name, see Table 5-1 on page 5-15.
The detail keyword shows the resources you can limit in a class, plus other system resources for which
you cannot configure limits.
The counter counter_name is one of the following keywords:
• current—Shows the active concurrent instances or the current rate of the resource.
• peak—Shows the peak concurrent instances, or the peak rate of the resource since the statistics were
last cleared, either using the clear resource usage command or because the device rebooted.
• denied—Shows the number of denied uses of the resource, since the resource statistics were last
cleared.
• all—(Default) Shows all statistics.
The count_threshold sets the number above which resources are shown. The default is 1. If the usage of
the resource is below the number you set, then the resource is not shown. If you specify all for the
counter name, then the count_threshold applies to the current usage.
Note: To show all resources, set the count_threshold to 0.
The following sample display shows the resource usage for all contexts and all resources.
FWSM# show resource usage summary

Resource          Current   Peak    Limit        Denied   Context
Syslogs [rate]    1743      2132    12000(U)     0        Summary
Conns             584       763     100000(S)    0        Summary
Xlates            8526      8966    93400        0        Summary
Hosts             254       254     262144       0        Summary
Conns [rate]      270       535     42200        1704     Summary
Fixups [rate]     270       535     100000(S)    0        Summary

U = Some contexts are unlimited and are not included in the total.
S = All contexts are unlimited; system limit is shown.
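For monitoring, the sample display above can be parsed and checked for denied resource requests. The following Python is an added example, not part of the Cisco guide; the function names and the peak_ratio threshold are assumptions, and the column layout is taken from the sample display only.

```python
import re

# Sample display copied from the section above (show resource usage summary).
SAMPLE = """\
Resource Current Peak Limit Denied Context
Syslogs [rate] 1743 2132 12000(U) 0 Summary
Conns 584 763 100000(S) 0 Summary
Xlates 8526 8966 93400 0 Summary
Hosts 254 254 262144 0 Summary
Conns [rate] 270 535 42200 1704 Summary
Fixups [rate] 270 535 100000(S) 0 Summary
U = Some contexts are unlimited and are not included in the total.
S = All contexts are unlimited; system limit is shown.
"""

# name, current, peak, limit with optional (U)/(S) flag, denied, context
ROW = re.compile(
    r"^(?P<name>\S+(?:\s+\[rate\])?)\s+(?P<current>\d+)\s+(?P<peak>\d+)\s+"
    r"(?P<limit>\d+)(?:\((?P<flag>[US])\))?\s+(?P<denied>\d+)\s+(?P<context>\S+)\s*$"
)

def parse_usage(text):
    """Return one dict per resource row; header, legend and prompt lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        for key in ("current", "peak", "limit", "denied"):
            row[key] = int(row[key])
        rows.append(row)
    return rows

def findings(rows, peak_ratio=0.9):
    """Flag rows with denials, or whose peak reached peak_ratio of an unflagged limit."""
    out = []
    for r in rows:
        if r["denied"] > 0:
            out.append((r["name"], r["context"], "denied", r["denied"]))
        # Assumption: rows marked (U) or (S) do not show a plain per-context
        # total, so the peak is compared only against limits with no flag.
        elif r["flag"] is None and r["limit"] and r["peak"] >= peak_ratio * r["limit"]:
            out.append((r["name"], r["context"], "near-limit", r["peak"]))
    return out

if __name__ == "__main__":
    for f in findings(parse_usage(SAMPLE)):
        print(*f)
```

On the sample display, the only finding is the Conns [rate] row, whose Denied column is 1704.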
Monitoring SYN Attacks using TCP Intercept
TCP intercept uses the SYN cookies algorithm to prevent TCP SYN-flooding attacks. A SYN-flooding
attack consists of a series of SYN packets usually originating from spoofed IP addresses. The constant
flood of SYN packets keeps the server’s SYN queue full, which prevents it from servicing connection
requests. When the embryonic connection threshold of a connection is crossed, the FWSM acts as a
proxy for the server and generates a SYN-ACK response to the client’s SYN request. When the FWSM
receives an ACK back from the client, it can then authenticate the client and allow the connection to the
server.
You can monitor the rate of attacks for individual contexts using the show perfmon command; you can
monitor the amount of resources being used by TCP intercept for individual contexts using the show
resource usage detail command; you can monitor the resources being used by TCP intercept for the
entire system using the show resource usage summary detail command.
