Virus Throttling (Connection-Rate Filtering)
Configuring Connection-Rate Filtering
Configuring the Per-Port Filtering Mode
Table 3-1. Throttle Mode Penalty Periods
Syntax: filter connection-rate < port-list > < notify-only | throttle | block >
no filter connection-rate < port-list >
Configures the per-port policy for responding to detection of a
relatively high number of inbound IP connection attempts from
a given source. The level at which the switch detects such traffic
depends on the sensitivity setting configured by the
connection-rate-filter sensitivity command (page 3-10). (Note: You
can use connection-rate ACLs to create exceptions to the configured
filtering policy. See “Configuring and Applying Connection-Rate
ACLs” on page 3-17.) The no form of the command disables
connection-rate filtering on the ports in < port-list >.
notify-only: If the switch detects a relatively high number of IP
connection attempts from a specific host, notify-only generates
an Event Log message and sends a similar message to any SNMP
trap receivers configured on the switch.
throttle: If the switch detects a relatively high number of IP
connection attempts from a specific host, this option generates
the notify-only messaging and also blocks all inbound traffic
from the offending host for a penalty period. After the penalty
period, the switch allows traffic from the offending host to
resume, and re-examines the traffic. If the suspect behavior
continues, the switch again blocks the traffic from the offending
host and repeats the cycle. For the penalty periods, refer to table
3-1, below.
block: If the switch detects a relatively high number of IP
connection attempts from a specific host, this option generates
the notify-only messaging and also blocks all inbound traffic
from the offending host.
Throttle Mode    Frequency of IP Connection     Mean Number of New Destination  Penalty Period
(Sensitivity)    Requests from the Same Source  Hosts in the Frequency Period
Low              < 0.1 second                   54                              < 30 seconds
Medium           < 1.0 second                   37                              30 - 60 seconds
High             < 1.0 second                   22                              60 - 90 seconds
Aggressive       < 1.0 second                   15                              90 - 120 seconds
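
A simplified model of the three per-port responses, added here as an illustration and not taken from the switch documentation or firmware. It counts new destinations per source in a sliding window using the Table 3-1 values and assumes the upper bound of each penalty range; the names PortFilter and replay, the host address and the traffic are constructed for this example.

```python
from collections import defaultdict, deque

# Table 3-1 values: sensitivity -> (window s, new-destination threshold, penalty range s).
# Treating the table's "mean" as a plain count in a sliding window is a simplification.
SENSITIVITY = {
    "low": (0.1, 54, (0, 30)),
    "medium": (1.0, 37, (30, 60)),
    "high": (1.0, 22, (60, 90)),
    "aggressive": (1.0, 15, (90, 120)),
}

class PortFilter:
    """Hypothetical model of one port's connection-rate policy."""

    def __init__(self, mode, sensitivity):
        assert mode in ("notify-only", "throttle", "block")
        self.mode = mode
        self.window, self.threshold, (_, self.penalty) = SENSITIVITY[sensitivity]
        self.recent = defaultdict(deque)   # src -> (time, dst) of recent attempts
        self.blocked_until = {}            # src -> time at which the block lifts
        self.events = []                   # (time, src) per Event Log / trap message

    def packet(self, t, src, dst):
        """Return True if the inbound connection attempt is forwarded."""
        if t < self.blocked_until.get(src, 0.0):
            return False                   # host is inside a penalty period or blocked
        q = self.recent[src]
        q.append((t, dst))
        while q and q[0][0] <= t - self.window:
            q.popleft()                    # forget attempts older than the window
        if len({d for _, d in q}) < self.threshold:
            return True
        self.events.append((t, src))       # every mode generates the notification
        q.clear()                          # re-examine the host from scratch
        if self.mode == "throttle":        # assumed: upper bound of the penalty range
            self.blocked_until[src] = t + self.penalty
        elif self.mode == "block":
            self.blocked_until[src] = float("inf")
        return self.mode == "notify-only"

def replay(mode, sensitivity="medium", seconds=200, rate=50):
    """Constructed input: one host tries `rate` new destinations per second."""
    f = PortFilter(mode, sensitivity)
    forwarded = 0
    for i in range(seconds * rate):
        forwarded += f.packet(i / rate, "10.0.0.5", f"dst-{i}")
    return forwarded, len(f.events)
```

On this constructed traffic at medium sensitivity, throttle forwards 144 attempts and logs 4 detections in 200 seconds, while block forwards 36 and logs 1. The same host at low sensitivity is never detected, because 50 attempts per second stays far below 54 new destinations in 0.1 second.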