Table of Contents
Advertisement
14.3.14.2 hostdos
Use this command to enable or disable Denial of Service security features.
hostdos {land | fragmicmp | largeicmp size | checkspoof | portscan}
Syntax Description
land
fragmicmp
largeicmp size
checkspoof
portscan
Command Syntax of the "no" Form
The "no" form of this command disables the specified security features:
no hostdos {land | fragmicmp | largeicmp size | checkspoof}
Command Type
Router command.
Command Mode
Global configuration: Matrix>Router1(config)#, or
Interface configuration: Matrix>Router1(config-if(Vlan <vlan_id>))#
Command Defaults
None.
Configuring Denial of Service (DoS) Prevention
Enables land attack protection and automatically discards
illegal frames. This can be enabled globally, or
per-interface.
Enables fragmented ICMP and Ping of Death packets
protection and automatically discards illegal frames. This
can only be enabled globally.
Enables large ICMP packets protection, specifies the
packet size above which the protection starts, and
automatically discards illegal frames. Valid packet size
values are 1 to 65535. The default is 1024. This can only
be enabled globally.
Enables spoofed address checking and automatically
reports spoofed addresses via Syslog. This can be enabled
globally, or per-interface.
Enables UDP and TCP port scan protection. This can only
be enabled globally.
Matrix NSA Series Configuration Guide
Security Configuration Command Set
14-185
Advertisement
Chapters
Table of Contents
