tcp-syn-fin
Except on the first page, right running head:
Heading1 or Heading1NewPage text (automatic)
737
Alcatel-Lucent
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Command Reference Guide
TCP-SYN-FIN
tcp-syn-fin
DESCRIPTION
This command is entered in the Firewall-Attack Sub Configuration Mode. It has
TCP packets with both SYN and FIN flag set, causing a denial of service. The
above keyword is also turned on by default. If you wish to disable this, you can
override this keyword and then turn it on when necessary by including this
command in the user-defined attack prevention list.
PARAMETERS
None.
EXAMPLE
ALU(config-firewall-attack-A1)# tcp-syn-fin
TCP-SYN-FLOOD
tcp-syn-flood [{threshold <1-4294967295> <1-4294967295>
|timeout <1-4294967295>}]
DESCRIPTION
This command is entered in the Firewall-Attack Sub Configuration Mode. The
server builds in its system memory a data structure describing all pending
connections. This data structure is of finite size, and it can be made to overflow by
intentionally creating too many partially-open connections. Systems providing
TCP-based services to the Internet community may be unable to provide services
while under this attack and for some time after this attack ceases. To protect the
system from this attack, use this command.
PARAMETERS
DEFAULT VALUE
The default is 100 packets in 1000 milliseconds.
EXAMPLE
Consider the following example, here if you do not explicitly provide the threshold
value for the attack, the default value is taken:
ALU(config-attack A4)# tcp-syn-flood
Parameter Description
threshold Threshold limit set.
<1-4294967295> <1-
4294967295>
Number of packets permissible within a defined
interval.
timeout <1-4294967295> TCP Proxy timeout in seconds
To Next Page
Loading...
