Table of Contents
Advertisement
E
XAMPLE
Console(config)#dos-protection syn-fin-scan
Console(config)#
This command protects against DoS TCP-xmas-scan in which a so-called
dos-protection
TCP XMAS scan message is used to identify listening TCP ports. This scan
tcp-xmas-scan
uses a series of strangely configured TCP packets which contain a sequence
number of 0 and the URG, PSH and FIN flags. If the target's TCP port is
closed, the target replies with a TCP RST packet. If the target TCP port is
open, it simply discards the TCP XMAS scan. Use the no form to disable
this feature.
S
YNTAX
[no] dos-protection tcp-xmas-scan
D
EFAULT
Enabled
C
OMMAND
Global Configuration
E
XAMPLE
Console(config)#dos-protection tcp-xmas-scan
Console(config)#
This command protects against DoS UDP-flooding attacks in which a
dos-protection
perpetrator sends a large number of UDP packets (with or without a
udp-flooding
spoofed-Source IP) to random ports on a remote host. The target will
determine that application is listening at that port, and reply with an ICMP
Destination Unreachable packet. It will be forced to send many ICMP
packets, eventually leading it to be unreachable by other clients. Use the
no form to disable this feature.
S
YNTAX
dos-protection udp-flooding [bit-rate-in-kilo rate]
no dos-protection udp-flooding
D
EFAULT
Disabled, 1000 kbits/second
C
OMMAND
Global Configuration
S
ETTING
M
ODE
rate – Maximum allowed rate. (Range: 64-2000 kbits/second)
S
ETTING
M
ODE
– 943 –
| General Security Measures
C
25
HAPTER
Denial of Service Protection
- Quick Links:
- Connecting to the Switch
- Console Connection
Hide quick links:
Advertisement
Chapters
Table of Contents
