inspect max-incomplete high 1000 (最大半开连接high为1000,超过进入aggressive mode)
ip inspect max-incomplete low 900 (最大半开连接low为900,低于从aggressive恢复正常)
ip inspect one-minute high 1000 (每分钟半开连接high为1000)
ip inspect one-minute low 900 (每分钟半开连接low为900)
ip inspect udp idle-time 10 (UDP闲置时间,超过后防火墙丢弃会话信息)
ip inspect dns-timeout 3 (DNS超时时间,超过后防火墙丢弃会话信息)
ip inspect idle-time 360 (TCP闲置时间,超过后防火墙丢弃会话信息)
ip inspect tcp finwait-time 1 (发现FIN交换后,1秒 内防火墙丢弃会话信息)
ip inspect tcp synwait-time 15 (三次握手等 待时间为15S,超过后防火墙丢弃会话信息)
ip inspect name IOSFW http
ip inspect name IOSFW ftp
ip inspect name IOSFW icmp
ip inspect name IOSFW telnet
Router#show ip inspect all
Session audit trail is disabled
Session alert is enabled
one-minute (sampling period) thresholds are [900:1000] connections
max-incomplete sessions thresholds are [900:1000]
max-incomplete tcp connections per host is 50. Block-time 0 minute.
tcp synwait-time is 15 sec -- tcp finwait-time is 1 sec
tcp idle-time is 360 sec -- udp idle-time is 10 sec
dns-timeout is 3 sec
Inspection Rule Configuration
Inspection name IOSFW
http alert is on audit-trail is off timeout 360
ftp alert is on audit-trail is off timeout 360
icmp alert is on audit-trail is off timeout 10
telnet alert is on audit-trail is off timeout 360
阅读(303) | 评论(0) | 转发(0) |