Table 85: Dos Protection Commands; Denial Of Service Protection - Edge-Core ECS3510-26P Management Manual

| General Security Measures
C 24
HAPTER

Denial of Service Protection

D S
ENIAL OF ERVICE
flow
tcp-udp-port-zero
E
XAMPLE
Console#show ip arp inspection vlan 1
VLAN ID DAI Status
-------- ---------------
1 disabled
Console#
P
ROTECTION
A denial-of-service attack (DoS attack) is an attempt to block the services
provided by a computer or network resource. This kind of attack tries to
prevent an Internet site or service from functioning efficiently or at all. In
general, DoS attacks are implemented by either forcing the target to reset,
to consume most of its resources so that it can no longer provide its
intended service, or to obstruct the communication media between the
intended users and the target so that they can no longer communicate
adequately.
This section describes commands used to protect against DoS attacks.

Table 85: DoS Protection Commands

Command
flow tcp-udp-port-zero
This command protects against DoS attacks in which the UDP or TCP
source port or destination port is set to zero. This technique may be used
as a form of DoS attack, or it may just indicate a problem with the source
device. Use the no form to restore the default setting.
S
YNTAX
flow tcp-udp-port-zero {drop | forward}
no flow tcp-udp-port-zero
drop – Drops all packets with the Layer 4 source port or destination
port set to zero.
forward – Forwards all packets with the Layer 4 source port or
destination port set to zero.
D S
EFAULT ETTING
Drop
C M
OMMAND ODE
Global Configuration
– 708 –
ACL Name
--------------------
sales
Function
Protects against attacks which set the Layer 4
source or destination port to zero
ACL Status
--------------------
static
Mode
GC