Configuring The Master Configuration Key; Summary Of Master Configuration Key Configuration Commands; Enabling Syn Cookies - Avaya G450 Manual

Configuring the Master Configuration Key

1. Enter key config-key password-encryption followed by a phrase of 13-64
printable ASCII characters.
2. Copy the running configuration to the start-up configuration using the copy
running-config startup-config command.
The new MCK is now in effect.

Summary of Master Configuration Key configuration commands

For more information about these commands, see Avaya G450 CLI Reference, 03-300437.
Table 9: Master Configuration Key configuration commands
Command
key config-key
password-encryption

Enabling SYN cookies

The G450 provides various TCP/IP services and is therefore exposed to a myriad of TCP/IP
based DoS attacks.
DoS (Denial of Service) attacks refers to a wide range of malicious attacks that can cause a
denial of one or more services provided by a targeted host. Specifically, a SYN attack is a
well-known TCP/IP attack in which a malicious attacker targets a vulnerable device and
effectively denies it from establishing new TCP connections.
SYN cookies refers to a well-known method of protection against a SYN attack.
SYN attack (SYN flood attack)
The SYN (TCP connection request) attack is a common DoS attack characterized by the
following pattern:
Using a spoofed IP address, an attacker sends multiple SYN packets to a listening TCP port on
the target machine (the victim). For each SYN packet received, the target machine allocates
resources and sends an acknowledgement (SYN-ACK) to the source IP address. The TCP
connection is called a "half-open" connection at this point since the initiating side did not yet
send back an acknowledgment (termed the 3rd ACK).
Description
Set the default Master Configuration Key of the gateway
Special security features
Issue 1 January 2008 69