hostdos
Disabled
IP packet with multicast/broadcast source address
Always enabled
0 attacks
Fragmented ICMP traffic
Disabled
Large ICMP packet
Disabled
Ping-of-Death attack
Always enabled
0 attacks
Port Scanning
Disabled
hostdos
Use this command to enable or disable Denial of Service security features.
Syntax
hostdos {land | fragmicmp | largeicmp size | checkspoof | portscan}
no hostdos {land | fragmicmp | largeicmp size | checkspoof}
Parameters
land
fragmicmp
largeicmp size
checkspoof
portscan
Defaults
None.
Mode
Router command, Global configuration: Matrix>Router(config)#, or
Interface configuration: Matrix>Router(config‐if(Vlan <vlan_id>))#
Usage
The "no" form of this command disables the specified security features.
Enables land attack protection and automatically discards illegal
frames. This can be enabled globally, or per‐interface.
Enables fragmented ICMP and Ping of Death packets protection and
automatically discards illegal frames. This can only be enabled globally.
Enables large ICMP packets protection, specifies the packet size above
which the protection starts, and automatically discards illegal frames.
Valid packet size values are 1 to 65535. The default is 1024. This can only
be enabled globally.
Enables spoofed address checking and automatically reports spoofed
addresses via Syslog. This can be enabled globally, or per‐interface.
Enables UDP and TCP port scan protection. This can only be enabled
globally.
Enterasys Matrix DFE-Gold Series Configuration Guide 24-23
Configuring Denial of Service (DoS) Prevention