26-4
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 26 Protecting the Router from DoS Attacks
Related Documentation
Verifying IP Options Handling: Example
The following sample output from the show ip traffic command indicates that the router received 2905
packets with IP options set. Because the ip options drop command is configured, the router drops all
the packets with IP options, as indicated by the options denied counter.
Router# show ip traffic
IP statistics:
Rcvd: 2905 total, 13 local destination
0 format errors, 0 checksum errors, 0 bad hop count
0 unknown protocol, 1 not a gateway
0 security failures, 0 bad options, 0 with options
Opts: 0 end, 0 nop, 0 basic security, 0 loose source route
0 timestamp, 0 extended security, 0 record route
0 stream ID, 0 strict source route, 0 alert, 0 cipso, 0 ump
0 other
Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble
0 fragmented, 0 couldn't fragment
Bcast: 12 received, 3 sent
Mcast: 0 received, 0 sent
Sent: 3 generated, 0 forwarded
Drop: 0 encapsulation failed, 0 unresolved, 0 no adjacency
0 no route, 0 unicast RPF, 0 forced drop, 0 unsupported-addr
3000 options denied, 0 source IP address zero
Related Documentation
This section provides additional Cisco documentation for the features discussed in this chapter. To
display the documentation, click the document title or a section of the document highlighted in blue.
When appropriate, paths to applicable sections are listed below the documentation title.
Feature Related Documentation
Denial of service (DoS) attacks Characterizing and Tracing Packet Floods Using Cisco Routers technical note
To Next Page
Loading...
