Dos-Protection Echo-Chargen; Dos-Protection Smurf - Edge-Core ECS4810-12M Layer 2 Management Manual

| General Security Measures
C 25
HAPTER
Denial of Service Protection
dos-protection
echo-chargen
dos-protection
smurf
This command protects against DoS echo/chargen attacks in which the
echo service repeats anything sent to it, and the chargen (character
generator) service generates a continuous stream of data. When used
together, they create an infinite loop and result in a denial-of-service. Use
the no form to disable this feature.
S
YNTAX
dos-protection echo-chargen [bit-rate-in-kilo rate]
no dos-protection echo-chargen
rate – Maximum allowed rate. (Range: 64-2000 kbits/second)
D S
EFAULT ETTING
Disabled, 1000 kbits/second
C M
OMMAND ODE
Global Configuration
E
XAMPLE
Console(config)#dos-protection echo-chargen 65
Console(config)#
This command protects against DoS smurf attacks in which a perpetrator
generates a large amount of spoofed ICMP Echo Request traffic to the
broadcast destination IP address (255.255.255.255), all of which uses a
spoofed source address of the intended victim. The victim should crash due
to the many interrupts required to send ICMP Echo response packets. Use
the no form to disable this feature.
S
YNTAX
[no] dos-protection smurf
D S
EFAULT ETTING
Enabled
C M
OMMAND ODE
Global Configuration
E
XAMPLE
Console(config)#dos-protection smurf
Console(config)#
– 914 –