Table 13
Variable definitions
Variable
[no]
Configuring global DOS protection
Configure global Denial of Service (DOS) protection to protect the network
against intrusion attempts such as SYN attacks, Win-nuke attacks, and IP
sequence number spoofing.
By default, all DOS protection checks are disabled except for SYN flooding,
ICMP error, and DNS replay.
Procedure steps
Step
1
2
3
4
Table 14
Variable definitions
Variable
<dos-protect-opt
ion>
Copyright © 2007, Nortel Networks
.
Action
To enter configuration mode, enter:
configure terminal
To specify global firewall configuration, enter:
firewall global
To specify global DOS protection configuration, enter:
dos-protect
To enable or disable desired DOS protection options, enter:
[no] <dos-protect-option>
Value
enable-all
Enables/disables all DOS protect checks.
dns-replay-attack
Enables/disables DNS replay attack check.
A DNS replay attack occurs when an individual intercepts
traffic, analyzes the captured packets and obtains
authentication information. The individual can then use
this information to gain access to other systems by
reinserting the authenticated packets on the Internet and
replaying them.
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600 01.02 Standard
10.0 3 August 2007
Configuring global properties 81
Value
Disables bypass trusted.
—End—