smartdefense network-security ip-icmp max-ping-
size
P
URPOSE
The
smartdefense network-security ip-icmp max-ping-size
variable is used for working with Max Ping Size settings in the following ways:
• Configuring Max Ping Size settings
• Displaying and exporting Max Ping Size settings
PING (ICMP echo request) is a program that uses ICMP protocol to check whether
a remote machine is up. A request is sent by the client, and the server responds
with a reply echoing the client's data.
An attacker can echo the client with a large amount of data, causing a buffer
overflow. You can protect against such attacks by limiting the allowed size for
ICMP echo requests.
S
YNTAX
When used with
set
set smartdefense network-security ip-icmp max-ping-size [enforce enforce] [log log]
[size size]
When used with
show
show smartdefense network-security ip-icmp max-ping-size [enforce | log | size]
F
IELDS
enforce
Chapter 5: CLI Variables
:
:
String. Indicates whether to enable blocking ICMP echo
responses that exceed the
the following values:
•
enabled
•
disabled
The default value is
smartdefense network-security ip-icmp max-ping-size
size
threshold. This can have
- Blocking is enabled.
- Blocking is disabled.
enabled
.
311