Syn Protection Feature - Avaya G250 Technical White Paper
Media gateway
Hide thumbs
Also See for G250:
- Administration manual (840 pages) ,
- Reference (812 pages) ,
- Administration (720 pages)
Table of Contents
Advertisement
2. DOS
Use the icmp in-echo-limit command to set the maximum number of echo requests
that can be received in one second. Use the no form of the command to set the
limit to its default value. Possible values are [1 – 10000].
G350-002(super)# icmp in-echo-limit ?
Icmp in-echo-limit commands:
---------------------------------------------------------------------------
Syntax : icmp in-echo-limit <size>.
Example: icmp in-echo-limit 100.
G350-002(super)#
3. SYN Protection
The G250/G350 provides various TCP/IP services and is therefore exposed to a
myriad of TCP/IP based DoS attacks.
to a wide range of malicious attacks that can cause a denial of one or more
services provided by a targeted host. Specifically, a SYN attack is a
well-known TCP/IP attack in which a malicious attacker targets a vulnerable
device and effectively denies it from establishing new TCP connections.
SYN cookies refers to a well-known method of protection against a SYN attack.
Use the tcp syn-cookies command to enable the tcp syn-cookies defense
mechanism against SYN attacks.
display the SYN cookies statistics. The no version of this command disables
the tcp syn-cookies defense mechanism against SYN attacks.
version of this command to clear the SYN cookie counters.
G350-002(super)# tcp syn-cookies
To enable the tcp syn-cookies, copy the running configuration to the start-up
configuration file and reset the device.
G350-002(super)#
When the SYN cookies feature is enabled, the G250/G350 alerts the
administrator to a suspected SYN attack as it occurs by sending the following
syslog message:
SYN attack suspected! Number of unanswered SYN requests is greater
than 20 in last 10 seconds.
G350-002(super)# no tcp syn-cookies
To disable the tcp syn-cookies, copy the running configuration to the start-
up configuration file and reset the device.
G350-002(super)#
G350-002(super)# clear tcp syn-cookies counters
done!
G350-002(super)#
GPW/AMK
©2005 Avaya Inc. All Rights Reserved. Avaya and the Avaya logo are trademarks of Avaya Inc. and
may be registered in certain jurisdictions. All trademarks identified by ® and ™ are registered
trademarks or trademarks respectively, of Avaya Inc. All other registered trademarks or trademarks
DoS (Denial of Service) attacks refers
Use the show version of this command to
are property of their respective owners.
7
Use the clear
Avaya G250/G350
Media Gateway
Security Features
Overview
Advertisement
Table of Contents
