Filter and Firewall
OmniAccess 5740 Unified Services Gateway CLI Command Reference Guide
Alcatel-Lucent
DEFAULT
default [stateless]
DESCRIPTION
Enter this command in the Firewall-Attack Sub Configuration Mode. It configures
all the default attacks for an attack object.
PARAMETERS
EXAMPLE
ALU(config-firewall-attack-A1)# default
ALU(config-firewall-attack-A1)# default stateless
You can create a “default” attack setting to check default attacks on ingress traffic
to all interfaces.
In the OmniAccess 5740 USG, the default DoS attack setting is configured for the
prevention of all attacks, with their default settings, except
"icmp-block-trace-route", "icmp-router-advertisement", "icmp-redirect" and
"ip-rate-threshold". These attacks can either be turned on manually for
detection, or filters can be applied to block them. The minimum time resolution
you can enter is 5 milliseconds.
The following attacks are the Default attacks (Rate Limiting attacks, which
include both Stateful and Stateless attacks):
tcp_header_frag          -      -
udp_header_frag          -      -
tcp_fin_scan             -      -
tcp_syn_flood            100    1000     5
icmp_ping_flood          100    1000
icmp_dest_unrch_storm    10     1000
icmp_ip_address_sweep    100    1000
port_scan                5      1000
udp_flood                200    1000
udp-port-loopback        10     1000
ip-tear-drop             -      -
ip-tiny-frag             50     64
icmp-ping-of-death       50     65507
ip-zero-length           -      -
Parameter    Description
default      Default keyword configures all the Default Rate Limiting attacks
             (i.e., both Stateful and Stateless attacks).
stateless    Stateless keyword configures only the Default Non-rate Limiting
             attacks (i.e., only Stateless attacks).