Table of Contents
Advertisement
| General Security Measures
C
25
HAPTER
Denial of Service Protection
dos-protection
win-nuke
show
dos-protection
This command protects against DoS WinNuke attacks in which affected the
Microsoft Windows 3.1x/95/NT operating systems. In this type of attack,
the perpetrator sends the string of OOB out-of-band (OOB) packets
contained a TCP URG flag to the target computer on TCP port 139
(NetBIOS), casing it to lock up and display a "Blue Screen of Death." This
did not cause any damage to, or change data on, the computer's hard disk,
but any unsaved data would be lost. Microsoft made patches to prevent the
WinNuke attack, but the OOB packets still put the service in a tight loop
that consumed all available CPU time. Use the no form to disable this
feature.
S
YNTAX
dos-protection win-nuke [bit-rate-in-kilo rate]
no dos-protection udp-flooding
rate – Maximum allowed rate. (Range: 64-2000 kbits/second)
D
S
EFAULT
ETTING
Disabled, 1000 kbits/second
C
M
OMMAND
ODE
Global Configuration
E
XAMPLE
Console(config)#dos-protection win-nuke 65
Console(config)#
This command shows the configuration settings for the DoS protection
commands.
C
M
OMMAND
ODE
Privileged Exec
E
XAMPLE
Console#show dos-protection
Global DoS Protection:
Echo/Chargen Attack
Smurf Attack
TCP Flooding Attack
TCP Null Scan
TCP SYN/FIN Scan
TCP/UDP Packets with Port 0 : Enabled
TCP XMAS Scan
UDP Flooding Attack
WinNuke Attack
Console#
– 962 –
: Disabled, 1000 kilobits per second
: Enabled
: Disabled, 1000 kilobits per second
: Enabled
: Enabled
: Enabled
: Disabled, 1000 kilobits per second
: Disabled, 1000 kilobits per second
- Quick Links:
- Connecting to the Switch
Hide quick links:
Advertisement
Chapters
Table of Contents
