Table of Contents
Advertisement
Left running head:
Chapter name (automatic)
Filter and Firewall
DEFAULT
default [stateless]
D
ESCRIPTION
Enter this command in the Firewall-Attack Sub Configuration mode. This
command is used to configure all the default attacks for an attack object.
P
ARAMETERS
default
stateless
E
XAMPLE
ALU(config-firewall-attack-A1)# default
ALU(config-firewall-attack-A1)# default stateless
You can create a "default" attack setting to check default attacks on ingress traffic
to all interfaces.
In the OA-700, the default DoS attack is configured for the prevention of all
attacks and their default settings except "icmp-block-trace-route", "icmp-router-
advertisement", "icmp-redirect" and "ip-rate-threshold". These attacks can be
either manually turned on for detection or filters can be applied to block them.
•
For all rate-limiting related attacks, the default threshold is "2 packets per 20
milliseconds".
•
The minimum time resolution you can enter is 5 milliseconds.
The following attacks are the Default attacks (Rate Limiting attacks, which
includes both Stateful and Stateless attacks):
tcp_header_frag
udp_header_frag
tcp_fin_scan
tcp_syn_flood
icmp_ping_flood
icmp_dest_unrch_storm
icmp_ip_address_sweep
port_scan
udp_flood
udp-port-loopback
ip-tear-drop
ip-tiny-frag
icmp-ping-of-death
602
Beta
Parameter
Alcatel-Lucent
Description
Default keyword configures all the
Default Rate Limiting attacks (i.e, both
Stateful and Stateless attacks).
Stateless keyword configures only the
Default Non-rate Limiting (i.e., only
Stateless attacks.).
-
-
-
-
-
-
100
1000
5
100
1000
10
1000
100
1000
5
1000
200
1000
10
1000
-
-
50
64
50
65507
OmniAccess 700 CLI Command Reference Guide
Beta
Advertisement
Table of Contents
