Denial of Service Commands
This chapter explains the following commands:
•
dos-control firstfrag
•
dos-control icmp
•
dos-control l4port
•
dos-control sipdip
•
dos-control tcpflag
•
dos-control tcpfrag
•
ip icmp echo-reply
•
ip icmp error-interval
•
ip unreachables
•
ip redirects
•
ipv6 icmp error-interval
•
ipv6 unreachables
•
show dos-control
dos-control firstfrag
Use the dos-control firstfrag command in Global Configuration mode to enable Minimum TCP
Header Size Denial of Service protection. If the mode is enabled, Denial of Service prevention is
active for this type of attack. If packets ingress having a TCP Header Size smaller than the
configured value, the packets are dropped.
Syntax
size
dos-control firstfrag [
no dos-control firstfrag
size —TCP header size. (Range: 0-255). The default TCP header size is 20. ICMP packet size
•
is 512.
Default Configuration
Denial of Service is disabled.
]
Denial of Service Commands
61
943