Table of Contents
Advertisement
Command Reference Guide
ip firewall check syn-flood
Use the ip firewall check syn-flood command to enable the AOS stateful inspection firewall to filter out
phony Transmission Control Protocol (TCP) service requests and allow only legitimate requests to pass
through. Use the no form of this command to disable this feature.
The AOS firewall must be enabled (using the command
stateful inspection firewall to be activated.
Syntax Description
No subcommands.
Default Values
All AOS security features are inactive until the ip firewall command is issued at the Global Configuration
mode prompt. In addition, the SYN-flood check is enabled by default but remains inactive until the ip
firewall command is issued.
Command History
Release 2.1
Functional Notes
SYN flooding is a well-known denial-of-service attack on TCP-based services. TCP requires a three-way
handshake before actual communications begin between two hosts. A server must allocate resources to
process new connection requests that are received. A potential intruder is capable of transmitting large
amounts of service requests (in a very short period of time), causing servers to allocate all resources to
process the phony incoming requests. Using the ip firewall check syn-flood command configures the
AOS stateful inspection firewall to filter out phony service requests and allow only legitimate requests to
pass through.
Usage Examples
The following example disables the AOS SYN-flood check:
(config)#no ip firewall check syn-flood
60000CRG0-35E
Command was introduced.
Copyright © 2012 ADTRAN, Inc.
Global Configuration Mode Command Set
ip firewall on page
999) for the
1010
Advertisement
Table of Contents
